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Description 

BACKGROUND OF THE INVENTIOKI 

5 1. Field Of the ifweation 

The invention generally relates to a security eystem and, more specificaay, to a method mi system tor permWino 
an authentic user to use charged infbnmation wNch has been distrl)uted via package or transm^sion media vvhtle 
chargkig and oontrolfing the use of distributed chewed informab'on. 

TO 

2. Description of the Prior Art 

In Older to use charged infonnation such as music, movies, games, elc provided by infonnation providers that pn>> 
vide various programs of such charged vTformation. a user has ge^ 

IS step), the user obtains a desred program from one of the infonrotionpf^^ 

as an FO (floppy cfec). an optical disc (e.g., CD-ROM (compact cfisc read only memory) axJ DVD (<Sgltai versatite disc 
or video disc)), rtc. on which the desired program is recorded (off-inedistrixjtion or obtaining) a by 
desired program from the serve- computer of an Information provkJa- through a pred^ermined prooedkire (on-Tine dis- 
trfeution or obtairting). In case of the on-line obtaining, the user may either ptay the program while obtaWng it fue.. the 

20 two steps are executed in parafleQ or store the pft)gram¥i<hileob^^ 

as the seoond step (or using step). In case of the off-lkie obtaining, in the second step the user loads the obtaned 
recording meda rrto an appropriate device and directly plays (or executes) the program or once stores the pro^em into 
tfie memory of the device and then plays the pro^m. 

J^nese Patent unexamrwd piAlicalion Na Hei7-295674 (199§) disctoses a security system lor use in the sec- 

25 ond or using step for a CD-ROM. In this system, the user can use encrypted inform^ 

apa)lickeyofatoll center (a cemer ptbiic key) on a CD-ROM by encrypting with the cemer pubSc ^ 

code of desired program friduded in the infionration and a user-generated key to the information provider and by 

decrypting the information with an encryption toy which has been encrypted with the user-^ 

the information provider. However, the Iderttity of the user is not verified, permitting a maJa fide user who have obtal ned 

30 other person^ CD-ROM to use it Further, the cemerpublk; key is pressed together w^ 
the CD-ROM. This makes ft difficuH to change the center public key. Also. tNs causes drf^ 
want to use different center publfo keys to force the CD-ROM manufacturer to use diff^ent nBsters (or stanpers) in 
pressffig the CD-ROMs. 

Japanese Patent unexamined piislication Na He(7-288519 (19^ disctoses a securi^ system for use h both the 
35 fast and second steps. However, this system is only applnaUe to a system in which charged infonnation is <fistributed 
onlina 

Japanese Patent unexamaied puWicatfon No. Hei8-54951 (1996) discloses a system in wNch the quantity of used 
software is monitored, and further software use by tlie user is inpeded if the quan^ 

Since a dedicated harcAwar e is necessary for irrpecSng of software use, this system is only suH^e for the use in a 
40 server in a on-line distributkxY system. 

There is aiso a system for permitting a user to use. only for a trial period, software which has been distributed wHh 
data defkiing the trial period. In this system, a mala fide user rnayrnito the software reusable by installrK) the software 
agaki or setting the user system cfock for a past time. 

There are these and other prog^ms in the art. It is an object of tie Invention to provide a system for pa^mrttfng only 
45 an authentic user (a user virtio have legally otrtahed charged information either on line or off line from an information 
provider) to use the charged Information without any Rmitation, charging for each time of its use, or ¥wthin the tderan:e 
of a use>Gmiting factor (e.g.. the quantify used, the days elapsed sme the day of its purchase or the cunent date) 
according to the type of the charged information. 

50 SUMMARY OF THE IN/VEm-ION 

Acoorcfing to ttie prirKiples of the invention, rt is assuned that charged Information or an application package is dis- 
tributed, either via package (or recording) media or via transmission media, together ¥wth at least control infor m ation 
such as a media title and a media oode» eto. HoMrever. an ilkistrative embodiment wiB be descrfoed mainly in conjunction 
55 with charged information recorded on and drstrfouted by nieans of ttie D\^ I 

Fdr any type of charged information, charged information has been enaypted with a Key and recorded on a DVD 
when obtained fay a user. If (fistributed charged information to be played is of the iimiti essly playable type, the charged 
infonnation processing is achieved in thefolkMnng my: the key is first obtained in a user piisiic key-encrypted form from 
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the DVD on which the key has been reoorded at the time of skiing the DVD; the user public key-enorypted key is 
decrypted wrth a user secr^ stared in a IC card into a deaypted key; and the ^lorypted charged orfornistlon is 
decrypted with the decrypted key and oonsunfied (that is. played or executed). IhB user-pubfic key-encrypted key 
be obtained on fine from the server serving ttie client (derk^e). 

5 If distrftiutad charged information to be played is of the usage-sensitive charging type, the user is charged for each 
time of using the information. In this case, prior to processing the charged informatkx). the dient double-encrypts and 
sends a user^ credit card nun^ to one of the to 11 servers of the provider the Infonnation; the server adds an 
amount (e.g., time or duratfon) used associated with the information to the value n a total amount (software meter) 
fieki in a volume date table, and sends the Mpdated total anxMjnt valu 

10 total amount. Then the dient starts the charged information processing. 

If distributed charged Inimniaffon to be played is of the limit^ttached t)pe. that is. the use of the infonnation islo 
t>e limited by the ti^eraKe of a certain irmiting factor concerning the Information consumption^ then the client is permit- 
ted to consume the changed infonnation Of^ if the use-limiting factor is witNn the preset ItmH. In case of tHs type of 
charged information, ^or to processing the charged infonratioa the dient sends the identifier ((D) code of a user spec- 

16 ifiedappficationwhkdi is recorded on the DVD fo the server; on receiving 
fector associated with the user specified appfication is «^ 

the test result, and the dient KSep^ the test result; If the test was suocessfd. then the server i^pdates the meter (or 

ime^ted value) of the use4imr1ing factor and sends the iipdated vafoe 

of the updated value the diem <£splays the ^9dated valua Then the dient starte 

20 

BRIEF DESCRIPTION OF TOE DRAWING 

Further otjeds and adiAntages of tfM presem invention wiH be apparem 
f ened embodimenls of the invention as illustrated in the accompany drawings. In the drawing, 

26 

FIG. 1 isabiockctegramshowinganarrangememofasystemforperrnttkigausertouseadstrix^ 

package on the terms of use of the package with a Ngher security accord!^ 

ffivention; 

FIQ. 2 is a diagram showing an exemplary stnjcture of an appficatfo^ 
30 on a DVD used in the inventive system; 

FIQs.3and4aredagramsshowing. In a detailed fonn. exemplary data structures of the voturnedescv^ 
the distrfoution desaiptor 23. respectively; 

FIQ. 5 is a flow chart of a voli^ oonrd program for playing tfte ap^icalfo^ 
the prridpte of the inversion; 

ss FKa.GAisadagramshowinganexenplarystniCtireofavoluniedatat^esto^ 1; 
FIQ. 6B is a cEagram showing an exenplary structure of a application data table sto^ 
FK3. 7 Is a diagram showBig a sinjcture of a sen/er table 75 stored h the EEPROM 103 
FIQs. 6A and 8B are fkw charts of rnitial routines executed Interactiveiy by the c6em 2 and the eerver 8. respec- 
tively, at the beginning of the processes 650. 700 and 800. 

40 FIQ. 9 ts a fkMT Chart Showing a procedure Of a free ptay process shown as step 650 in FIG. 5. 

adjacei^ blocks by two flow iines incScates that each block is executed Herat^i^ by a dient and an associated 
server; 

FIQs. 1 0A and 10B are ffow charts joMy showing a procedure fonmed of exemplaiye^^ 
routines Interactively executed; 
4S FIQ&IIAandllBareftowchartsjoMyshowingaprooedurefonnedofexanplarytif^ 

report routines interactively executed for playir^ an appfication white timing the duration and (feplaying a timed pl^ 
duration after the play; 

FIGs. 1 2A and 12B are ikfu ctnrts jotntiy showing a procedi^e formed of exenptary timed app&cation-^y subrou- 
tffies ffiteractivdy executed for playing the application wfvle timmg the duration; 
60 FIGs. 13A and 13B are fkMv charts iointiy showing a procedure fomied of itfiernativeti 

tines interactively esoecuted in which timing of play tkne is achieved witii a timer m the dient; 

FKB. 14 is a flow chart of an exemplary application play subroutine cafledn steps 612 12Aand 

13A. respectively, and executed by the controller 100; 

FIG. 15 is affow chart shmang a procedure of a diargedplay r^ocess 700 shown as step 700 in FKB. 5. 
55 FIGs. 16A and 166 are flow charts jointiy showing a procedure fonned of exenptary expected diarge inforrrvig 
routines interactiveiy executed; 

FIGs. 17A and 178 are flow charts jointly showing a procedure formed of routines interact 
650 of FIG. 15; 
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FIGe. 18Aand 18B are fkw charts iointly showing a procedure formed of ex^^ 

report routinee interactivety exacuted for an applicafion while timing tfie duraixm and displaying a cha^ 
and a total amoM of charges after the play; 

FIQ. 19 is aflow chart showing a procedure intefBCtively executed by the dient 2 and the server 8 in tfie opemtion 
6 bkKk 800 dPia 5. wherein blocte connected with two fkw fines 
the two el^nents 2 and 8; 

FIQs. 20A and 20B are a toy^encrypting key table and a users pufaTic key table, respectively, stored In the seiver; 
and 

FIG. 20C is a flow chart of a process for obtelning the ^nation encr^3tkig key from the sender 8; 
10 FIG. 21 is a block diagram of an exemplary decipherer-Uiilt-ai IC card IF according to the in^^entfon; 

FK3.22isadiagmmshowingaKvd6COderusedinplaceoftheKvdecoder 126ofRG.21 inasystemi uskigthe 
cryptosystem of FIG. 20C; 

FIG. 23 is a diagram for oqpltinihg the meanings d the termsK>fH^ 
ues; 

IS FIG. 24 is a btock diagram showing an anrangement of a system for pl^ng a dtstrix/ted appScation package on 
the terrr^ of use of the package without communicating with any server accor^^ 
merrt of the invention; 

FIG. 25 is a fk3w chart sdiematicaKy showing an ecenrptary control pn^ 
in Fia 24; 

20 FIGs. 26 Old 27 arefkiw charts showing an operation of a free pity mode shown In step 650a of Fia 25 in a 
deteHed form and a further detaM form, respectively: and 
FIG. 28 is a ffow chart 8h(Mnng «n operation cf a nmrt-attached picy rnode show^ 

DETAILED PESCRIPTION OP THE PREFERRED EMBODIMgNTTS 

2S 

For the sake of better understanding of the following description, ^ 

Charged information provided by an infonnation provider may be distri3uted off-line (m off-line dtstr&xjtfon) or on- 
line (in on-fine (fistrfoution). In off-line distrttaution. the charged intormatfon is recorded on package mecfia or recording 
media, and distr^ed through the sales network of the provider, that is. sofo at stores in the setfesne^A^ The pack 
30 age media incbde all sorts of portable reoonSng media such as various types of ma^ietic discs, a variety of opbcal 
memory discs (e.g.. CD. CD-ROM. DVD), and magnetk: tapes and cartridges. In online distributton. the chvged kifor* 
niation is transmitted via transnvssfon media from the servers at t^ 

aligned with the provider to the dient devfoe (e.g., PC (personal computer)} of the user who requested the charged 
ir^onmatjon. and stored in a recording media of the cfient (device). The transnyssfon media Mude ariy teleoonmrwi- 

3s catk)n channels whk:h permit data oomnuinicatfon between the serverea^ 
the transmission media ara hereinafter refen-ed to en bloc as Mistrlxitfon mecfia". 

The charged information may be any type of software such as music, movies, games, eta which are each refared 
to as an 'apf^tion'' without discrimration. The distributfon unit of charged infornHtion is referred to as a ^charged 
information pactaige' or an "applfoation package*. There may be included one or more appficattons in an ^cation 

40 package. 

The present inventfon relates toa system tor pernvtUng a user to useacfetributed appicatfon package on the tenns 
of use of the package with a higher security. 

Embodiment I 

45 

For the purpose of stmplidty. a first ifiustrative embodment wii be described in which padage mecfia, among otho- 
things. Dy^Ds are used as distributfon media. 

FIG. 1 is a btock diagram showing an anangement of a system for pemiitting a user to use the appricalk)n(s} 
recorded on a DVD on the tenns of use of the DVD wth a higher security acoordhg to the f irst illustrative entxxfiment 
so of the invention. In FIG. 1 . the system 1 comprises a client or DVD player 2 which plays a DVD 3. a teieconmjnication 
network 4, and a server 8 at a toll center of the provider 6 provides the application pac^ 

FIG. 2 is a (fiagram showkig an exenplary structure of an appltcalxn (or a charged informatkxi) package 20 
recorded on the DVD 3 used in the inventive system 1. In Fia 2. the appScation package 20 comprises at least one 
applkation 21 . a volume (or package) desaipta 22 conpriskig dato 
55 trdxitton descriptor 23 oomprishg data whch is detenraned mainly at the time of. e.g.. dtstrf button or sales after the 
pressing of the DVD 3. (The volume desor^tor 22 and the distrixition descri^ 

of the volume 20.) In this embocfiment it is assumed that a vokjme (or package) control program whtah controls the use 
of the applkation paclege 20 in cooperation with the sender 8 is included i^ 
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20. Thus, the application package 20 further comprises the package control program 24 suited for the terms of use of 
the package 20. The appficat)on($) 21 , the volume descriptor 22 and the package (or voiune) control program 24 are 
recorded in the data area of the DVD 3 at the time of marttifiacturing the DVD 3. while the distri3ution descriptor 23 is 
recorded in the burst cutting area at tfie time of, e.g., sales of the DVD 3. 

s FfOs. 3 and 4 are dagrams showing, in a detailed form, exemplary data sfructures of the volume descrptor 22 and 
the distrftxjtkyi descriptor 23. respectively. In FIG. 3. the volume descrptor 22 at least contains a vokmie identifier 
(VIDv) 25 which the title of the application package 20 Is probably used for and which is the same as the application 
Identifier if the package a volume 20 contains only one sppication: a provider identifier 26; volume creation date and 
tvne 27 which msy be used for the base point by which volume expiration data and time as described later is deter- 

10 mined; and volume effdctive date and time 28 indicative of date and time until which the ybUMm 20 is available. K the 
volume 20 contains more than one applications, the >^ume descrptor 22 further contains appl i cat i on identif iers 
{AIDa's)29. 

in FIG. 4, the dtstrixjtion desaptor 23 comprises tfie f ieUs of: a volume issue number (NO^.^} 30 wtiich contains a 
serial number giv^ to each of the distrlxited application packages of identical volume identifier (voh^ ID or title) 
75 VIDv ^6 ^^1^ ^ distributk>n; a server pMiQ key (PKe) 31 the data of which is given by the server 6 at a toll center 
of the piovider 6; a PK^ (user-public-kBy)-enorypted appHcation-encrypting loy (K^) 32; and sates date mi lime 33. The 
key PKe 31 field contains a key whk:h has been used in encr^ng each ^pGcation 21 in the package 20 and which 
has been encrypted with a user public key (PKu) of the user who has legally obtai 

are recorded in efl of the fields 30 through 34 at the time of distrtbutkin of the package 20, at the time of sates of 

20 the DVD 3 in this embodiment. 

The distributkm descriptor 23 further comprises the field 34 ol terms-of-use code (mode code) plus limit value for 
the volume (Urte volume Tmrvt value field) and. for each of the application IDs 29. the fields 35 of tenns-cfHise code plus 
limK value for the application ID 29 (appTicBiiQn Gmit value field). If terms of use are set ortly t> the volume 20. there is 
no need of the field 35. If terms of use are set to each appficatloa the field is enpty. 

2B FIQ. 23 is a diagram for ejqplttning the meanings of the temts-of-use (TOO) codes and tf^e ooaespondtng limit val- 
ues. In FIQ. 23. the terms-of-use code may be, ag.. one byte in length. The higher digit (X) of the TOU code «<ficates 
the target to which the terms of use is applied as shown in tadble 36. That is. higher di^ of 0, 1, 2.... indkate M the 
TOU codes beginning with those 6^ are for the entre volume, i^ication 1 . cppl'ication 2 and so on. The k)wer di ^ 
(Y) of the above mentioned terms-of-use code indk»tes the terms of use of the package 20 or the appficatkxi 21 to 

90 whkiithecodeis6et.andisdrectiyfolk)wedbyaooniespondinglRnitvalu^ 

the tems-of-use code (or TOU code)of OOH means, for example, that the volume 20 is usable freely after cfistiixrtkMi. 
TTw value "31 K means, for example, that the appl'icalion 3 to which the TDU 0^ 

of play duratk»i. The k)wer digit of 2H or more means that ttie volume 20 or the applfcatx)n to which tt>e TOU code is 
set can be used fre^ unta the corresponding limit value are reached. wtM disables further use. As seen from the 

3S table, the use-(imrting factors detemined by the TOU codes whose lower digits are 2H to 5H are the current date and 
time, the e)qplrHtk}n date and lime, the amount of used period, and the axess count respectively. 

Since the data of the distrtxrtion descrptor 23 can be set as descrbed above, thi^ 
the users with nnore fle}dbi% than oonventk)nal ay^m can provkJa 

Again in FIG. 1. the DVD ;teyer 2 comprises a controfier 100 for controling the entire DVD player 2; data bus 102 

40 corv^ed vnth the not-shown CPU (central processing unit), not-shown BOM (read*only memory). RAM (random 
access manory) 101, and EEPROM (electrically erasable programme ROM) 103 included ai the controller 100; 
hurmn interfaces ((Fs) 1 10 including input devk^es such as a keyboard, a voice reco7>itkxi de^. a mcnjse, a remote 
oontrotler. etc. ; an IC card kiterface (lf=) 1 20 for connecting the bus 102 with the ROM (not showi^ ki a IC card 5; a DVD 
driver 1 30 for readkig out the data recorded on the OVD 3 and for demodulating and en^or-oorrectlng the read data; a 

45 vkfeo and audio output IF 1 40 for receiving a MPEG 2 bH stream and ouput&ig a video and audio ouput signals; a 
display device 146; a loudspeaker 148, and a communicatkMi IF 150 for communicating through the ptbfic teleoommu- 
rvcatkKi network 4. The IC card 5 stores a us^'s password PW^ and a users secret key SKu which conesponds to the 
user^ public k^ PKu mentioned in conjunction with the PKy-encrypted AP-encryptaig k^ 

of the d'istrftxiton descriptor 23 recorded in the burst cutting area of the DVD 3. The video and aucfio output IF 140 
60 includes a MPEG 2 vkieo decoder 142 and a MPEG 2 audp decoder 144. 

Asforobtaira'ngtheDVDd, there may be some ways. If one is to buy a DVD 3. e.g.. at some book store a throt^ 
rnati Older, he g she has to twe the PKo-encrypied version of an appTicatw 

cuttffig area of the desired DVD 3 by notifying his or her publck^PKu which corresponds to his or her seaet key SK^ 
stored in the IC card 5. If one is a menp^ of a DVD dstribution service, he or she cai dbbam a tND with a PK^- 
55 encrypted AP-encryptkig key recorded without notifying the PKu each time of obtaining because he or she must have 
notified ttie PKu when he or she applied for the servk^e. 

In op&atk>n. the user first sets a desired DVD 3 ff) the DVD driver 1 30 of the DVD player 2, ^ 
mand to the DVD pl^er 2 through an appropriflde human F 110. fen response to a recef^ of the start command, the 
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(xvitrdler 100 reofs the volimw a^ol program 24 fr^ 

loadino the read prooram 24 into the RAM 1 01 of the controfler 1 00. and then exsodes the volume control program 24. 

FIG. 5 is a f bw chart of the volume control program 24 tor playing the ^ip6cation(s) 21 recorded on the DVD 3 
accoiding to the prhc?)te of the invention. In Fia 5, the oontrofier 100 foirt checks the AID1 field to see if the volume 
5 20 contains a single ^ication in step 500. If not then the controller 1 00 displays the c^jplicalion IDs in the field 29 and 
prenyls the user to select a desired one of the applicatlore in step 502. and wate 

appTication Is selected in step 504. the contnoOer 100 registers the appTkatm ID of me appScatm as the appncatk^ 
t>e played in step 506 and proceeds to step 508 to check the field 35 of the tenns^ 

tto selected application to see Kthe field is enpty. If so. the ONitroQ 100 proceeds to step 510 to read the vottmlanit 
70 fietd 34. 

On the other hand. H the test result is YES Bi step 500. then the cornier 100 regi^ ID as the appli- 

cation to be played in step 512. and reads the volume fimit value 34 in step 510. 

If the step 510 is completed or the test result of step 508 is NO. then the controfler 100 chede the tenns-ofHfie 
(TOU) code to see if the low«r digit of the IDU code is 0 in step 51^^ 
IS free of charge in step 650. and othen«semal« another check to see if the low^ 

if 60» the controller 1 00 plays an application in a usage-sensitive charging In step 700. and otheranse Of the lower digit 
of the TOU code is 2 or nxxe) pl€y an ^icatkDn only when the software m^er of a use^ 
value m step 800. On conpleting any of the steps or processes 650 throuj^ 800. the contnoll^ 
24. Tiftis. the DVD ptayer 2 plays a prospam specTied tyy the user aco^ 
20 code whk:h has t)een set to either the apptk»tkxi package or the sped^^ 

The processes 650. 700 and 800 are executed interactively with an associated server a The senm 8 need vari- 
ous data for executkig these processes, and store such data in the torm of tatiles. 

FIG, 6A is a clagnam showmg an exemplary stojctire of a volume data table stored in a servers, in RQ. 6A, Each 
of the reconfe of the volwne data table 60 comprises volume ID (VID^) and issue hto. (hKVJ fields. Tlie con*in^ 
2S VIDv and ^IOv^ serves as the user ID of the user of the application pa<*age^ 
60 has^ for the mentoers or 8ub6crit)ers of DVD distrixitton service a the 

example, a memk>er ID. a name, an address, eto. Each record further comprises a volume nmute meter field (VM- 
METERS containing a software meter play duration in minute which is attached to (or associated with) the volume 
20: a volurr» charge meter (VC-METE J oontakiing a softwa-e charge meter wtwch is attoched to the vokime 20 ; a 

so limit value (LVvJ containing a limit \«lue associated with the TOU code (e.g.. the effecfive date and tkne. the ^lowaksle 
expiration dale and time, the allowable access, etc.); a M value meter (LV-METEfVJ; an €93p6cation ID (AIDy+J field 
containhg the title of the appfication; an applkatfon nw^e meter (AM-METEfViJ fieW oontainng a software meter of 
play dilation in nunute which is attached to the application of AIDv^..; an appScatton charge meter (AOMETEfUJ 
field for a software meter of play duratfon in minute whkrfi is attached to ^ [tV^ 

35 conteining a lintit vafoe associated with 0ie TOU code: and a limii value meter (LV-METEfVj). 

FIG. 6B is a dagram showing an exemplary stmcture of a ^ication data stored si a server 8. In Fia 68. 
the applicatfon data table 70 comprises the fields of. for example, an c^icatfon oode (ACODEJ. an ^Dpfication title 
(AID J. a duration (D). a rate-per-access (RATE/ACCESS), an access count, a mimite meter, eto. The duration Is a 
period of time what it takes to piaytfie application. The rate per access is a charge for a play of the whole cqapGcation. 

40 which is used tor infomiing the user of an expected play duration prior to a p^^ 
unit time of pl^. which is used for the cafoUafion of a charge for an ac^ 

minute meter f ields contains the number of accesses to the appTtcation and a total amoimt of play time, wtvch are not 
necessary for the present invention but will be used in statistical caJcttetiais for the analysis of. e.g.. the tastes. 
FIG, 7 fe a diagram showing a stujcture of a server table 75 Stored ff) the EEPROM 
45 the fields of the table 75 comprises a server public key (PKJ. a server ID (SIDJ. a sen«r network address (SADDJ, 
eto. ^is tabte 75 is used lor associate the sever public Key (PKq) contain 
in the burst cutting area of the DVD with the ID and the network address. 

Play an Applicatiofi Free of Charge 

60 

The initial routines otthe processes 650, 700 and 800 are the same. 

FlQs. 8A and 8B are ftow charts of hrtial routines 80a and 80b whk3h are executed interactively by the dtent 2 and 
the server 8. respectively, at the beghning of the processes 650. 700 and 800. In FIQ. 8. the controller 1 00 of the cTient 
or the D\^ 2. in step 82. sends a sennce request with the nefwork address CADDc of th^ 
55 plus limrl value, the volume ID (VlOy). the issue nunfoa^ (NO^. the appKcation ID (AID^.^J. mJ other data toihe asso- 
ciated senw 8 the ID of virtikii is SID^ (SIDg is obtained from the ^ 
ttie D\rt) 3). and in step 92 waits for a response from the server (SIDJ 8. H there is a respo^ 
the cfient 2 proceeds to the next step through a circle wHh * A" therein. 
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On the other hand, in FIG. 8B, the server 8 of S\0^ receives the message from the dtent 2, that is. the service 
recpest and the acconpanying data and stores date k\ a predetermined location for subsec^ient use in step 84, Then, 
the s^ver 8 searches the t^ble 60 tcr a record wt^ contains VIDy ml NC\h in the volume ID and issue No. fields 
thereof, respectively in step 86. If the search is unsuccessful, then the server 8 adcte the record for VIDy and NCVi and 

5 f lis relevant fields with AIDy.^ and a limit value, if any, in the t^e 60 in step 88, and proceeds to step 90. Also, the 
search in step 86 is successfi^ the server 9 proceeds to step 90. where the server 8 selects a routine to ex^ 
according to the value of the IDU code and enters the selected routine tivough a circle with 'B*tf>eran. Intfascase. if 
the TOU code » xOH (x: an aft)ftrary HEX ninber. the letter H h the last position indicates that the preceding number 
is in hexadecimal), th^ a roi^ine for piayvig an application free of charge is selected. If the TOU code = xlH. then a 

70 routm for playinQ an appfication in usage-sensitive charging is selected. If the TOU code ^ x2K then a routine is 
selected which plays an application only if the sofhMare meter ^ 

FIG. 9 is a ffow chart showing a procedure of a free play process shmvn as step 650 in FIG. 5, wherein connecting 
adjacent tilocks Isy two flow lines incf cates that each block is executed interactively by a dUerit of CAOOe and an asso- 
ciated sender SIO« as shown h detaH later. If the TOU code is 0 in step 514 of FIG. 5. then the server (CADDq) enters 

IS the free play process 650 as shown in FIG. 9< and the client and the server (SIDq) execute the initial routine 80 in Nock 
660. In blod< 670. they exBCutes an expected play lime informing routine, that s. displays an expected play tsne before 
playing an specdied appffoatfon. In bfock 680. they exacute an applicatkxi play and ntetered pl^ time report routine. 
Since the routine 80 has been detailed in FIG. 8, the expected play time infonring routkie and the appGcation play and 
metered play time report routine «m1I be detailed in the following. 

20 FIGs. lOAand 108areffowchartsiok%showingaproceclure1orrnedofex»i[iplary expected p^ 

routines 97a and S7b interactively executed tsy the client 2 and the associated server 8. respectively In FIG. 108. the 
server 8 retrieves the diHatfon(Dn) of the applk:alion of AIDy^ from ^ tn 
the next step 92. the server 8 calculates an expected total annoum of play tinieaooorcfing to the value of 
SpecTically, if the lOU code is OxH. then the cliem adds the duratfon (^^ 

26 record identified by VID^ and NOy.i in the table 60. If the TOU code is axH (a: the applicatfon number of tfie specified 
appKcation in the volume), tfien the cSent adds tf>e duratfon (D^) and the value of the AM-METERv4^ field of the record 
klentdied by VIDy. MOy.)* and AID^.)^ in the table 60. Then tfte sen^ 8 sends the result to the client whose network 
address is GAODc in step 93. and ends tfie process. 

On the other hand in FIQ. 10A. the cSent 2 rec^ves the incoming messc^ or the value of tfie updated nrteter in 

30 step 94. In the next step 95, the value is displayed as the total amount of usage. Then ttte dier^ 2 ends the process. 
In ifxIatkQ a relevam nieter, a predetermined value of (kn^ 
1 0 (a preset value metering system). This an^angement is suited nnainly for such appTications as it fates a constant tnne 
to play, and wii not cause a problem unless the user dsoontinues the p<ay. Rom this point of view, it is preform to 
actualy measure the playing fwne in metering (a timed value ntetering system). However, it is also noted that the preset 

35 value m^ering systm is usefi^ in informing the user of expected play tane pria to an actu^ playing. 
FIGs. 1 1 A and 1 1 B are f tow cfttrts jointly showing a procedure fbrnied of exenrpla^ 
report routkies 675a and 675b intuitively executed by the ciient and the server, respectively, for t^aysig an appl i cation 
while timing the duiatfon and <£8playing a timed play duratfon after the play, in the routm 675, the client and the server 
can a timed applicabon-f^y subroutine for playing the appficatkm whBe timing the duratfon (play time) in step 200. 

40 Then the server 8 proceeds to step 210. where the client updates a relevart meter acoordng to the TOU code in 
^ same manner as in step 92 of FIG. 1 0B. Specificatty.H the TOU code is QxH. then the play tsne is aided to tto 
of the VM-MFHER^i tieU of the record foentif led by VIDv and NO^i in the table 60. If the TOU code is axH (a: the appG- 
cation nimt>er of the specified application in the volume), then the play tkne is added to the value of the AM-METEIV 
fiefo of the record ident^led by VID^ hKDy^.and AiDv4.ainthetable6C.Thentheserva88erKtethepl^tkneandthe 

45 value of the t4xiated meter (i.fr . the total amount of play time) to the client wfxise network address is CADD^ k\ step 
212, and ends the process. 

On the other hand, the client 2, after step 200. make a test to see if there is a response from the server of SID^ In 
step 214. This step is repeated until the dient 2 receives a caK from the server 8. when the client 2 receives the incom- 
ing message cx' the value of the updated meter in step 216. In the next step 218. the client 2 displays the pl^fime and 

60 tt^ total amount ol play time, and then ends the routine 675. 

FIGs. 12A and 128 are ftow charts jointly showingaprocedure fonned of ecen^ 
tines 20Sa and 205b executed the dient 2 aid the senw 8, respectively, for playing the ap timing the 

duraltoa The server 8 of SIO, warts for a notice bi step 611 to see if the dient has started playbig the application. On 
the other hand. thedient2of CAOOe informs the server of a start dpl^ki step 610 and lmme(£ately call mi^icatfon 

66 play sut^outine in step 612. This, causes tfie server 8 to start a timer in step 613. arxfwm^ 
from the cSenl 2 in step 615. On completing the step 612, the cUert kifornis the server 
In response to this notice, the server 8 stops arxi reads the timer as the piGy tnfte in dep 61 7. Aft 
the cfient and the server retura 
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Though the above descrbed anangemem has use^ 
client. 

FIGs. 13A and 13B are flow ch»ls jointly showng a piDcedure formed of c^mative «med appfaatiorvpiay sUxou- 
tines 205ac and 20a)c interactively executed by the client 2 and the server 8, respectively, in which tinwig of i^y time 
is achieved with a timer in the client In the e^emtive subroutine 205a. the diertt 2 starts a timer in step 620» calls an 
application play routine in step 622. stops the timer in step 624. sends tfie play time to the sender 8 in step 626. and 
then returns. On the other hand, the server 8. on entering the sitexjtine 295b. waits for a caU from the cfient of CADOc 
in step 621. If there is a call from the cfiem 2. then the sender 8 receives the pla^ 

However, the an-angement of FIG. 13 has a possbifity of pemtitltng a mala fide user to mar^pulate the timer erf the 
cHenl 2. Rom tNs po&it of view, the arrangement shown in FKa. 12 is prefer^ to thai of FK3. 1 3. 

FKB. 14 is a flow charted an exemplary appScation play subroutine caled^ 12Aand 
13A. respectively, and executed l3y the oomroU^- 100. 

Prior to the descrption of the flow chart we define some notatiOT 
ing X with a key EK acconding to an encryptffig algaithm e yields Y. 

e(EK.)Q«Y 

Simaarly. if decrypting Y with a k^DKaocordng to a decrypting algorithm d yields Z. then it is e)ipre8sed as: 

d(DK.Y)xZ 

Aesuning that the algorilhnw e and d and the Keys B< and DK con^espond ea* 
that 

d(DK,e(EK.X))-X 

Returr^ng now to FIG. 14. the controller 100 read tfie PK^,-encrypted appKcation-enorypting (AP-encrypting) key 
(Ky) or el(PKu. Ky) from the taed 32 d the distributkm descriptor 23 of the DVD in 6t^ 

v-l,2.....V. 

where V is the number of kinds of the c^icatk)n package. TY^ indicate 
through is assigned to respective kinds of appScations, that is. volime VIDI through VID^ 
In the next step 604. the user secret key SKu is read from the k:: card 5. In the next ^ 
AP-encrypting key el (PKu. K^) is decrypted with the user secret key SK^ to obtain the applkatkm enorypting key 
Then in the next step 608, the K^-encrypted application (AP). i.e., AP) whk:h is recorded on the DVD 3 is decrypted 
with the obtained AP-^ncryj^ng key to obtain d(Ky. e(Ky, AP)) - AP . wt^e passmg the obteined appi walkxi data 
to the video and audio output IF 140. The obtakied appficatk)ndatahasthetormof an MPEG 2 bit stream. The video 
and audk) output IF 140 converts the MPEG 2 bit stream of the application data into video and aucfio ou^ signals 
through MPEG 2 video and audto decoding. The vkleo and audio ou^ signals are ^spfied to the displ^ device 146 
and the toudspeaker 148, respectiveiy. 

P\ajf an Appl»atk>n in Usage-sensitive Charing system 

FIG. 1 5 is a ftow chart showing a procedure of a charged play process 700 shown as step TOO in FIG. 5. wherein 
connecting acSacem bkx*s by two f Km Ibies indicmes that each block is exec^ 

an associated server of SID,. k\ FIG. 15, the dient 2 enters the process 700 via step 516 of FIG. 5 and proceeds to 
block 630. where ttie cfient 2 and the associated sender 8 execute the initial routkie 80. In the next bkxdc 640. the cfient 
2 displays an expected charge and a total amount of charges received from the server 8, and let the user decide 
whether to play the desired applicatton. 

FIGs. 16A fflid 16B are flw charts jokitty showing a procedure formed of exemplary expected charge informing 
routines 640a and 640b intOTctively executed by the client 2 and the assodaied swver 8. respective. The routines 
640a and 640b are very similar to the routine 97 except that in the routine 640. f^ (D J or "Way time" has 
been replaced with RATE PE R ACC E SS and "charge" ; between steps 92a and 93a, there been added a step 641 
04 the sender generating and storing a pseudo random nuni>er R in a memory k)cati^ 
the pseudo random number R as waH; between steps 94 and 95a there has been added a step 643 of t^ 
the received pseudo random number R in a memory locatkm R" for subsequert use. The replacement of DURATION 
(Dn) with RATE PER ACCESS is achieved by accessing a RATE PER ACCESS fieU 74 instead of a DURATION field 
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73 in table 70. Further, \n the routine 640 there have been added the Mowing steps: m step 644 foOcMAng the step 96a, 
the dien) 2 makes a check to see if the user decides to play the app6cation; if not. the cSent 2 sends a qJiX message to 
the server of SAODg bi step 645, and ^ids the routine 640; on the other hsid, in step 642 lollowinQ the step 93a< the 
server 8 of SID, waits kx a call from the dient 2 of CAODc; on receiving a call fr^ 

9 check in step 646 to see if v4iat has been received is a qiit message; if the 

user decktod to play the appiiCBlkxi in step 644. which means that what tfieserm has received is not a quit message 
but an encrypted credHcafdnunt)er as seen from the descrpttonbekiw. then the diem 2 and the 
' the step 650 of FKx 15. 

In the next blod^ 650. the server 8 obtains a user's aedrt caid nunter (CCf^) throu^ ttie dient 2 keeping the 

10 security of the card number as shown in FIGs. 17Aandl7B. In step 647. the dient 2 encr^ the crecftcaid number 
of the user wt^ch has been input by the user through a human IFIIOwithakey. L&.the pseudo random number R 
whk:h has been stored in a memory k)cation F^" in step 643 of FiG. 16A to obtain e2(R, CX)NOu). In the next step 648. 
the dient 2 further encrypts B -t- e2(R. CCNOu) with another key or a sen/er public key read fnxn the distributnn 
descriptor 23 recorded in the burst cutting area of the DVD to obtain 

16 e1(PK^ R + e2(R. CCNOu)). 

In the next step 649. the dient 2 sends the m^ypted data to the server 6. Thri)i^ step 646 d 168. the server 
proceeds to step 650. where ttie server 8 finds that what was received from ttiedierrtCAODc is « 
next step 651 , the server 8 reads a sen^ secret key SKe fron an C caid 7. in the next step, tte 
reottved enaypted data with the server seaet key SK^ as folkwvs; 

20 d1(SK^ encrypted data) x d1(SKe, e1{PK,. R + e2(a CCNOu)) » R + e2(R. CCNOu). 

In step 653. the server 8 nriakes a check to see if the just otTtatned pseudo random nurrto R GO^ 
nun^RwHch has been stored in a menK)fy tocation R* of the server, if so. the server 8 sends an enable message to 
the cSent of CADD«. aid in step 856 decrypts e2(R. CCNOu) with the pseudo random nunter R to obtain the usee's 
credit card number CCNOu. On the other hand, in response to a receptton of the enable message in step 657. the dient 

2S 2 exits from the process. Alter step 655. the server also exitB from the process. lftheresti1tsNOHistep6S3.thenthe 
server 8 sends a disabte rr^essage to the diem in step 656. and ends the process. In response to a recep^ 
able message in step 657. then the diem ds^^ays a tnessage to this effed in step 658. and th^ ends the p^ 

After operatton of bk)ck 650. tfie diem 2 waits, in step 663. for a report from the server on wh^her the credit card 
for the transmitted caixl nunt)er (CC^JOu} is valkj or not while the sew 

30 the card nmtoer in step 661 toseeiftheaeditcan:lisvalkJ.if not,1heserver8intonn5thecliem2of theinv^^ 
the credit card in step 662. and ends the process. If the card is vaUbi step 661. the server 8 intorro the client of the 
validty in step 667. If the diem 2 receives a report from the sen/er m step 663, the diem makes another died( instep 
664 to see K the report indicatesthevalkfity of tfiecard. If noimecTiemdisptayamessagetoBV^ 
step 665. ard &Yis the process. If the report indicates the validity in ste^ 

3s then tfte di em 2 and the serv^' 8 proceed to the next block 670. 

In step 670. the cfiem 2 and the server 8 execute tirtiedpfay and metered diarge report fou^ FIQs. 18Aand18B 
are f tow charts jointly showing a procedure fornied of routines 6758c and 67Sbc kiteractively executed tor playing an 
applicatton whae timing the duration and displaytog a charge and a total amoum of charges after the piay. In RG. 1 8. 
the routines 675ac and 67Sbc are kfenticai to the louline 67Sa and 67Sb in FIQ& 1 1 A and 11 B except tfiat *time* has 

40 been replaced wm 'charge", and accofdingly VM-METER and AM-A£TER have been replaced with VC-METHR and 
AC-METCR- 

The operatton, in the diem 2. of pla^ng an application on usage-sensrtive charing is oonpleted by btock675 of 
FIG. 15 or step 218a of FIG. 18A. After step 212a the server 8 chai^ges the play to the aedit card nuitoer CC^ 
obtained in step 655 of Fia l7Btfi8t6p680. Tliisconpletes the whoto of the chaiigedapprK:atkmplEy process of F^^ 

46 15. 

In this process, only irA)rmation on charge is giv^i to flie user. It is very easy to provide hbrmatton on botfi tirne 
and charge by adding steps 91 Itvough 93 and 95 to the routfenes 640b and 640a. and ^ 
the routines 675bc and 675aa 

As desatoed above, expected time apdJor chs^ge are (ts) displayed before ptaying a user specified appScatkxi. 
60 This is h^ul for the user to decide whether to play tfie application. Additionally, chaining is done based on tfie actually 
tkned play duratton. This makes the charging reasonable. 

In the above descr^ition. ttte arrangemem is such that the user has to orpU 
each time he or she mnts to play an appGcation. However, instead of doing this, the credit card nurTt3er CCNOu may 
be stored in non-volatile memory or EEPROM 103 in a PWu-encrypted form. In this case. CChOu is obtained by 
55 decrypting PW^-enaypted CCNOu (e.g.. e(PWu, CCNOu)) with a password entered by the user. That is. d(emered 
password. e(PWu. CCNOu)) - CCNOa 
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Permit the Play Wlth^ a Preset Limit 

FIQ. 19 is a flow chart showing a procedure interact diem 2 aid the server 8 in the operation 

block 800 of FIQ 5. wherein btocks connected with two flow lines indicales that opaation of the btocks is done by the 
5 two elements 2 and 8. in this case, ft is assumed thm a preset limit Is recorded in or on the i4}plk^^ 

transmitted from dient 2 to server each time of play. On entering the process 800 via step 515 of FIG. 5. the dient 2 
proceeds to step 801 . where the diem 2 and the server 8 executes the initial ro^ 

If there is a record for VID^ and NCVh then the RmH vidue (LV^i) field of the table 50 of FKl 6A contcins the Unit vakie 
transmitled from the cfiem 2. othenwise. the received Kmit value is stored in the LVy^ field when the record 
'0 NOv^ is added In step 88. 

In step 81 0, the server 8 mstfoes a check if a meter assodaled wrth the TOU code rece^ 
the Ifftiit value. This check is made kyconparing an LV field arid IV-mderfieW associated 
eo. if tiie value erf the LV-meter is equal to or greater than the LV field value, then the server returns an over Iwrti mas- 
sage to the diem 2 in step 820. If not, the server 6 returns an underlinntniessage to the diem 2 in step 822, and ^ 
T5 ceeds to step OB. If the cliem 2 receives tie overlBTiit message in step 824, then the c^ 
effect ff not the diem 2 proceeds to the step 828. 

Since the e)q3ected play time infonnhg routines 97a and 97b and the application play siisroutm 600 has been 
desabed above, the description of steps 828 and 830 are omitted. 

According to this feature of the invemk)n, it is possMe to limit the use of charged in ioi i nay oi t TOs feature is espe- 
20 ctally useful in case when a user Who have paki in advance fcr the use Of the 43pl^^ 
the application package wimin a timrt value. 

Thoufih it has tieen assurned that the limit values are induded i^ 
kept h the servers of the provider or distrtouter from the beginrwng. In tNs case, the Iknit vakies are foced. However, if 
limit values are permitted to be set and recorded in the appKcatkm package at the time of distrSaution or sales, the limit 
2S values are advantageously set accordbg to an amoum paid. 

As is apparem from the foregoing, as a limit value, any use-limiting factors will do that can be measured vi quantity. 
Such Iknrt values are, for exanple. the effective date mi time, the aUowaUe expiration date and time, the maxmrnt 
amoum of play time, the aioMBfale aooess count 

It is also possarfe to C0Rt)ine this feature with a charged application play feature. That is, an ariangemem may be 
90 such that the user is perrrvfted to use an ^icatkxi package on usc^ie-sensitive char^r^ only the value of an LV- 
meter assodated with the TOU is under the value of the coffespondffig LV or the 
the distrt)utk)n descriptor 23. 

Modification i 

36 

In the above ernbodment. applk»tk)ns, if more tfian one. In one volume are encrypted by an klentteal applicatk)n 
encrypting toy However, the €pplk»ttens ^ in one vol^ 
h^, where a kwer case V fdlowing AP and K is a serial nurnber assign^ 
the AP-encrypting keys are encrypted with the user pubfic key PK^ 
^ key (Kjriek3ls32ainthedi8trtxitk>ndesoptor23. 

Modifffiation 11 

It tes been assumed that the user 0* the DVD 3 is Kn^ed to the puchaser thereof %^ 
45 AP-encrypting key (Ky) recorded on the DVD 3. However, the system rnay be so arranged that predetenrtned people, 
e.g., famay members FM^, FMg...., FM^ of the purchaser can use the DVD (N is the numt)er of the fan% menders). 
One of the ways to realize this is to encrypt the AP-encrypthg key wi^ 

. 1. 2...-.N) to obtain el(PKu.i. K^). e1(PK^^2. K,) «1(PKu^„ K^) and to record them in the PKp^^encrypted AP- 

encrypting key el (PKu^.K,^)fiefcls 32of the distributk)ndescrv>tor 23 at the time of purchase of the DVD. 

50 

Modrficalion III: Retrieval From Server 

In the above description, the AP-encryF*'ng key Ky has been recorded in a PKy-encrypted form on tie DVD 3. How- 
ever, the AP-enwypting key may be managed by the server Sand transmWed to the diem a the DW 
55 response to a rec^jest issued from the DVD player 2 each tkne of use of the DW) 3, In tt^ case, there is no need of 
proflding thedistra)utk)n descrplor 23 with the PK^-encrypted AP-encrypting key fieW 32. instead each erf the servers 
has to store an AP-encrypting key taWe (or Ky taWe) and a PKu taWe (shown in Fl^^ 
shown in FIG. 20A. the K,, table a volume ID (VIDv) fieW (as the emry of recoreO and ^ 
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each record. In FtO. 20B, each record of the PK^ table compnsee a vokmte ID (VIDy) ft^ (as the entry of record), a 
vokjme isGue nmnber (NOvi) f and a PK^ f ieid (Successive same values in the first f ield are shown by shomr^ only 
the f Hist appearing one}. Further, the process (a step) 610 of obtaining the AP-encrypting key fliat is, a gro4> of the 
steps 602. 604 and 606 in the application playioutine 600, has to be replaced wfth a process of FKB. 20C. 

B FIG. 20C is a fkMv chart of a process in which the cfiem DVD player 2 obtains the app^ 

the sender 8. fen step 61 6. the server 8 retrieves a key from the fi, We by using Vl[\. In the next step 61 8. the key 
is encrypted wHh an artirtrary nunft)er used onf y m the ct^ent pr ooess. e.g.* a pseudo random nunber R to obteui 
^(R.Kv). h the next step 620. the server 8 retrieves a key PK^ from the PK^t^ by rea^ the Pl^ field of thereof 
which coTtalns VIDy and HO„.i in the VIO^ and MOy^ fiekte. respectively In the next step 622. R + e2(R, fC^) is encrypted 

10 with the retrieved key Pl^ to obtain a doiisle encrypted AP-«v^ 
e1(PKj,.R + e2(R.M. 
which is returned to the client wnth a client network address CADDc in the next step 624. 

On the other hand, the controfler 1 00 of the dient 2 waits for a response from the server 8 of SI Dg in step 626. If 
there is any response from the server 8 of StDg in step 626, then the client DVD 3 receives the data el (PK^, R -f e2(R. 

15 Ky)) from the server 8 in step 628. In the next step 630, the received data is decrypted with the user seaet key SKy read 
from the IC card 5. SpedficaJly, the ^^Oowing cakxilatkyi is dona 

d1(SKu. e1{PK«, R + e2{R. K^))) «»> R + e2(a K^) 
In the next step 632. e2( R. K^) is decrypted wHh the otjtained pseudo random number R. Spectfically, the lolowing cal- 
Gulatk)nisdone. 

so d2(R, e2(a K,)) «=> K, 

Thereafter, the controfier 1 00 proceeds to the step 608 of FIG. 14. 

IntNs niodifk»tk)n. the appticatk)n&APa in one volume may be encr^ 
In tt8S case, the t^e has to be replaced with table in which each reooid coiprises an applicatkm ID (AID J fteM 
and an AP-encryptirig key (KJ field. Further in step 612. the oontrotter 100 of the DVD pl^ 2 has to also send the 

26 applicatkm ID of the ^Scatoi to be played to the senrer. 

Also ki this modlficatkyi. the system may be. again, so arranged that predetermined people, e.g.. famHy members 

FM^. FM2 FMfij of the purchaser can use the DVD (N is the nunft)er of the tamtfy members). In tNs case, for each 

noemberFMn (n« 1.2 ^4).th6se^ver8h8Stousetheme^t>er'sownpub6ckeyPKu^inerlcryp(ff1gthe^ 

irig key Ky^ One way to realize this is to issue a volunr^e issue number 

so of the DVD. pro/ide the non-volatite memory (not shown) of the DVD player 2 witti a table for associalHi g the usei's 
password PWn with the volume Issue number NO^^. send the volume Issue number (NOy^fO associated with the 
user's passwoid in step 612. and t»e not the PKut^e but a Pl^ table in which each d the reoonfel»s the iolk>w^ 
fiekls: 

VIDy, N0,4„. PK^„. 

35 Anoth^ way is to issue and record not only a volume ^sue nuvnber NOv.) but also family member m^ribm FMNn for 
ail membefs at the time of sales of the DVD, provide the non-volatile memory (not shown) of the DVD player 2 with a 
table for associating t^l6 user's pass^vord PWn with the correspoTKfing 
issue nunt)er (NOv J and the fianriily niember ntjni}er FM 
another Pl^ table in whk3h each of the records has the following fields: 
40 VIDy. NOv^. FMHty, P\^^ 

In the process ol FIG. 20C. the sender 8 may be authenticated by means of a pubfic-lo^ cryptosystem using a pair 
of sender seaet and pubte k^ (SK,. PKJ. In this case, to sender 8 s^is the doUile-encrypted AP-encrypting key 
e1(PK^,.R + e2(R.Kv)) 

with a signing key or the server secret key SK^ after step 622. Whto the client or DVD player 2 tests the signature fay 
45 the sen/er 8 with a test key or the server pubfic key PKs contained in the Pl^fi^ of the dislrixifion descriptor 23 

recorded in the burst cutting area of the DVD 2 before step 630. 

However, even rf just described authenticatx>n of tt^ server 8 is omitted, an attscKer wi never go to any greater 

length than asteal of lOU code plus imit value, a volimie ID VID^. a volume issue nirnber NOy^. and the dmt ne^tanfotk 

address CADDc. This is not a serious problem. 
so In the process of FIG. 20c. a pseudo random nimiberR has been used as a pseudo vari^3iewhi^ 

value each time of executkm of the process However, as the pseudo variable, any tf^ 

wth it takes a <fif^enl value each time of executk)n of the process. 

Modification IV 

55 

In the first fllustrative embodiment, the decryption of £^katk>n is achieved software For this purpose, the con- 
trover 100 has to read the user secret key SK^ from the IC card 5 through the bus 102. which leaves the possibility of 
permitting a breaker to easily steal the user seaet key Sl^ through the bus 102. In Older to pr 
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achieved by the steps 604 through 608 may be realized by hardware as shown in FIG. 21 . which is a block (fiagram of 
an exemplary dectpherer-ixiiltHn IC card IF. In FKB. 21, the dec^dho-er^itHn IC card IF 120a oonprises anIC card 
reoeptade 121 and a primed wiring board 122 exterxing from arKi fbeed w^ 

on the prkited wiring board 122. The IC 123 comprcses a memwy IF 125 which usually connects the memory of the IC 
card 5 with the bus 102 and. in response to an instruction from the controller 1 00. reads and passes the key SK^ to the 
next stage; a decoder 126 for receiwno the key Sku and encrypting cl{PKu,Ky)wfththekBySKutoyi^K^;andan 
AP decoder 127 for receiving the key and encrypting e(K^ AP) to yieW appficatkm data <AP). The printed wiring 
board 122 portkin nay be preferably nuMedtogettier with the K) card recep portfoneoastomakethewhole 
a single body. By docng this, leal^ of the user secret key SKu can be prev»ned. 

TT«s modification can be also appfied to a s^em 1 using the cryptosystem of FKl 20a in tWs case, the 
decoder 126 of FIG, 21 has to be replaced with a decoder 126a as shown in Fia 22. In Fia 22. the decoder 
1 26a decrypte the input data, el (PKu, R + e2(R. from the bus 1 02 by using tf^^ 

memory IF 1 25 to obtain R ^ e2(R. K.,), whHe decrypting the obtakted data e2(R. K^]) wth fhe obtained random rwter 
R and outputting the key Kit 

Embodiment II 

FIG. 24 is a bfock diagram showing an arrangement of a system capable of playing a dte^^ 
age. e.g.. a DVD on the terms of use of the DVO without communicating with any server aooonfing to a second illusfra* 
tive embedment of the invertfon. In FKl 24, the system la is identxal to the dient 2 of FIQ. 1 eocept that the 
comn«jnk:ation IF 150 has been elinfinatad because of no need of com 

has been replaced with a controller 100a. In the contrcto- 100a, a not-shown ROfi^ for storir^ a control proyam as 
descn'bed later aid the EE PROM 1 03 have been also replaced with a new f=CM (not show) and an EEPRCW 1 03a. 
In enter to play a role of the server 8. the system la has to have table 60 of FIG. 6A in any no^ 
fhe EEPROM 103a »Kl an applfcation duratwn (play time) for each ap^ 
be included in the control data of each appicatfon packaga 

FIG. 25 schematicdiy shows an exemplary control program executed by the controller 1 00a shown in FKSi 24. The 
conW program of Fia 25 is also kJentical to that of Fia 5 e>a»|^ that the dedsk^ 

eGminated because the limit-attached play mode is not supported by the system 1 a in this embocfiment and the steps 

650 and 800 are replaced wHh steps 650a and 800a. Acoordingty, Qper^ 

lOMng. 

If the lower digit of the terms-ofHiseCTDU) code is 0 in the decisfon step 51^^ 100a 
plays. ^ tie free f^nfiode, the appTication stored in the selectadQ^^ 
K shoi*j be noted that since the system la does not have the charged jrfay nw^ 
defined as totfows. 



Wflher digit of terms-ol- 
use code (Haxadedmal) 


Conesponding fimrt value 


Play mode 


0 


Hotxe 


Free play mode 


2 


Effective date and frne 


Un«t-«ttatihed pi&y mode 


3 


Allowable expiratkxi date and time 


4 


Maximum amoiHtt of used perfod 


5 


Alkiwebfe access count 







Accordingly, if the lower di^ of the TOU code is not 0 in the ded&on step 51 4, then ri stsp 800a the controfler 1 00a 
plays, in the Hmit-altached play mode, the applkatfon stored in the seiecled appfkiatton in step 506 or 512 and ends ttie 
opeiHtfon. 

FIGs. 26 and 27 show an operatfon of a free play mode shown in step 650a of FIG. 25 in a d^^ 
ther detaited form, respectively. In FIQ, 26. the controller lOOa executes m Initial routine 80a in step 660a» in st^ 670a 
executes an expected play time infonming routine, and in step 680a executes an applicatfon play and metered play time 
report routine. 



12 



EP0840194A2 



As shown in FIG. 27, in the Ma\ routine 80c, the contnotlef 100a searches the tatie 60 for a reoord which oKitains 
VIDy and NO^ in the voHime ID and issue Na fieids thereof, respectively n step 86. (f the search is unsuocessfii. then 
the oontroHer 100a adds the record for VIDv and hl0^.i and fills relevant fields with and a limit value, if any, in the 
table 60 in step 68. and proceeds to step 90. Also. If the search in step 86 is suocesshJl. the sen^ 9 proceeds to step 
5 90. where the controller 1 00a selects a routine to execute next according to the value of the 10U code and enters the 
selected routina !n this case, if the TOU code bxOH(x: an arbftmry HEX nuntoer, the letter H In the last inci- 
cates that the preceding number is in hexadecimai). then a routine for playing an ^jpiication free of charge is selected. 
If the TOU code ^ xl H. then a routkm is selected which plays an applicatnn 0^ 
factor is under a preset valua 

TO The e99>6Cted pity tkne informing routine 670a is idertical to the rou^ 10} nrnusoommurecation steps 

93 and 94. coni3rising the above described steps 91 . 92 and 95. Simaarfy. it is seen Irom FIQs. 11 and 13A that the 
above desaibed steps 620, 622. 624. 210 and 218 are executed in this order in the timed pteiy and ntetered usage 
report noutkie 680a. h this way. the system 1a pernvts the user to play the appfication stored in the selected applcatfon 
(steps 506 and 512 of FIG. 25) free of charge. 

IS FIQ. 28 is a ffow chart showing an operation of a limit-attached play mode shown in step 800a of FIG. 25. Since 
this operation is very similar to that of FIG. 1 9. or^y the flow is briefly described, omitting the details of each step. In FIQ. 
28. controller 100a firetmal« a check If a meter associated %vith the lOU axle has reached^ obtained 
with the lOU code, ff so. then tfie server returns an overlimit massage to oontroHer lOOa in step 820. OthenMse. the 
controSer lOOa proceeds to the expected ptay time infonning routine 828a 670a). where the controller 1 0Oa executes 

20 the above descrbed steps 91. 32 and 95, and then caHs the apF^icatiaipfoysubrot^^ 
pCeting the operation. SkKe the appficabon play subroutine 600 has been detaa^ 
In thte¥wy, the system la permits the user to play the ^jpTicaions^ 
of Fta 2^ only if the Imt value associated wth the TOU code assigned to the v^ 
has not been reached. 

25 Aooording to the second embodiment the system la can operate in eito of the free play mode and the limit* 
attached play mode wittKiut the need of conmjnicatfon with a server portabl& 

Mocfifications 

30 In the above descrption. the Hhetrative entxxfiment has been deserted in oorijunction with the DVD. The same 

discussion can be applied to such pad^e media as perniit write once or more. 

Ftgther. the presort imwttion is also applicabte to apftotionpack^ InlNs 

case, the distri3uted appTication packages are stored in a bu8( storage 'u\ the usei^s devfoe. An s^spHcation package 

comprises one or more appfication and applicabon control data, that is. an appticatk3n descriptor and distrtxitfon 
36 descr^Mor. One volume e stored as a fila Since a pforality of appycatfon package may be stored in a single storage. 

each applicatfon package does not have to contain a control prograni One CO 

via either package or tiansnwsion niedia, Is enough for one user dev^ 

packages ere stored is set for a user specified one in the control program when the control program is installed. The 
data to be reoofded in the dstrfoutfon descriptor is induded in the application p^ioge by the poMderaocortfing to the 
40 information given by the user. 

As deserted above, one who ts permitted to use an a^ication package is Rmrtad to an owner of tf)e 10 caid which 
stores a t^er seaet key SKu conresponding to the user pi^ic key PKu used for tficryp^ 
in the applicatfon packag e. For this, even if someone has uniustly obtained an ^)p6catfon package, for example, by cop- 
ying the whole voltmie from the DVD on whfoh te volume fo recorded, he or she cm 
45 the (Mmer of the OVD. Thus the inventive system can prevent unjust use of an application package (DVD fo this case) 
by any other person than the regular owner of the applicafion package 

Also, the ffiventive system is so arranged that most part of the cpplicatfon package is recorded by pressing in man- 
utactiffing process of ttie DVms. whereas at least a part of the volume control data . the dstributfon descriptor) can 
be determined at the tkne of. eg., distrfoutfon of each of the DVDs after the manuiac^ 
50 tem flexible because contR)! data can be easily changed without changiigte 

In the initial routines 80a and 80b in FIG. 8A and 8B. the data transmitted with the sennce request may be 
encrypted in the saniernanner as in case of the tmnsmesfon of user's aecAcanjni^^ 17. However, 

incaseoftheinitiaf rou6nes.t^^ere are a plurality of data. These data rnay be e nc rypted in tefblto^^ 
If the data to be encrypted are D1. D2.... then they are ftrst encrypted with a k^R as foOows: 
55 e2(R.D1).e2(aD2).... 

Thenfurttier encryptfonis made with a s^ver pubGc key PK^ as follows: 
e1(PK8. R 4 e2(R. D1) + e2(R. D2).....). 
In the process of FIG. 1 7. the user nny be authenticated l3y means of a pubfic-^ cryptosystem using a pair of 
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user secret and public keys (SK^. PKJ. In Hfus case, the dimt 2 signs Ihe double-encrypted credit card nunter 

el(PK^R + e2{R.CCN0u)) 
vvith a 8i£r)ing Key or the user seaet SKu aner step €4a VVhIte 
test key or the user public key PKy before step 650. 

Instead of stormg a s^Kjle server pubik; key In the distrtbuti 
the server pUific keys may be recorded. By doing this, it Is possible^ for ex^^ 
on the server piridlic key which the user have selected by apprapM 

Also, appficat k)n packag es with an identkal volume I D can have different server public keys recorded . A pi i^aiity of 
toll ceriter may be advantageously provided for appfication padoges of the s»^ 

In ordertoprevemanyuseof IC card t)y other person than the ovmer of the K:c^ 
the Sku reacUng step 604. the steps of pronpting tiie user to emer a passivo^ 
to step 604 only if the entered passviml coinckJes ¥inth the user pas8M^ 

Though the IC card 5 is used In the ito/e embodiment, the IC card IF 120 may be replaced with a ni6«(netk:caid 
reader to permitting the use of the magnetic caid. Atternath^^ 
or her passiwond each time the user uses the DVD. 

Instead ol storing the user secr^ key SK^ in the IC card 5, the key Sku may be stored m non-voJatiJe memory tn a 
PWy-enorypted fona this case, the key SK^ is obtained by decrypting PWu-encrypted with a password entered 
by the user 

The discussion of three preceding pai^yfBphs arei4}pfied to the IC csffd used for storing the senw secret key in 
the senrer. Homver. in this case the user has to be taten as the adnw)^^ 

Many widely dtfferem embodiments of the present ^entkxi may be oon 
and scope of the present inventfoa It shoufo be i^iderstood that the present mventfon is not Rmrted to the specTic 
entedknern descrft)ed in the spedfk»lkm 

A system for permitting only an authentic user to play a d eslred appficatton contained in a distitxited application 
package in one of predetermined operatfon. e.g., free play mode, charged mode, fimit-attad^ed play mode. ete. The 
system comprises a diem for playmg an applicatkm under the oontrd o^ 

cominuitic a tfon network. The appBcatfon package (the volume) includes a dfetrtoutfon descriptor wtnoh contagis mode 
codes assigned to the volume and the applkations of the vokime. The data of dstritiution descrptor is deckled and 
stored in the desafptor m the time of distrfoufion of the vokime. This foa^ 
discfosed a system operataUe vtfithout convminkaBAing w^ 

Claifiis 

1 . An applicatfon package for use in a system for playing an applicatfon contained in the applfoation pactege (the vol- 
ume), the applfoatfon package comprising: 

applicatfon data for at least one appTtcatfon; and 

volume control data for use in controlltfig said system, wt>erein sakf vofome control data at least comprises: 

a vokjme ID for ider^ng the kind of sakl application package (said votun^e); 

an issue number assigned in order of issue to each of the volunes of said Wnd; and 

applicatfon IDs each assigned to one of sakl at least one applkartfon c 

at least a part of sakj volume control data is to be added to sak! voltfne after the or^^ 

safo at least a part of said voyrie osntrol data indudes sad issue nixnb^. 

2. An ^3plicatk>n package as defined tn daim 1 , wherein: 

safo applfoatfon data has been encrypted with an encrypting key; 9id 

sakl at least a part of said volume contrd data includes a user^ publfo key-encr^ 

key used. 

3. An applicatfon package as defmed in daim 1. wherein said at least a part of ^ 
codes whfoh are assigned to said volume or sakj at least one appficatfon and each 
with one of said volume or said at least one applfoatfon to vvNch th^ 

4. A padoge media on which an appifoatfon package as defir^d in cfoimi has been record^ 

5. A package media of a write-once type on whk^ an fi93plica1fonpad^ has beoi recorded. 
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6. A package media on wtiich an appfication package as defined in daint 1 has been recorded wher^ said at teast 
a part of said votume control data is recorded in an area different from data area where said appficatksn dala is 
recorded on the package media. 

7. A nielhod for sending data wHh a raised sectffity from a first det^ 
munication network, comprising the steps of: 

in said second device, ' 

generating a pseudo random number; 

transmitting saki pseudo random number to said first dwioe; 

in said f irst det^. 

encrypting said data %Mth said transmitted pseudo random nufit»er in^ 

encrypting concatenated data consisting of said pseudo random number and said encrypted data with a 

public ksy of said second device into douUe-encrypted data; 

sendng said doutsle-encrypted data to said secorid dwioe; in sakl second dence. 

decrypting said doutsie-encrypted data with a seaet kay of said second de^ which conresponds to said 

pubfic key into decrypted data consisting of a decrypted random nuntDer portion and another decrypted 

portion; and 

decrypting said another decrypted portion with said transnnlted random 

8. A nnethod for sending a pluiality of pieces of data with a rmsed seourtly from a first denoe to a second dance 
through a pubfic t^ecommuncatk)n network, comprising the steps of: 

in said second device, 

generating a pseudo random numt)er; 

transmitting sakf pseudo random number to said first device; 

in sakf fust device. 

encrypting each of said pieces of data with said transmitted pseudo random nunt>er into an encrypted 
piece of data; 

encrypting concatenated data conssting of said pseudo random number and said encrypted pieces of 

data with a public key of said second device into doubte-encrypted data; 

sending saki doUtJle-encrypted data to said second device; In sakf second 

deoryptkig said douUe-encrypted data with a secr^ key of sakJ second device wh^ 

pUblic key srto decrypted data consisting of a decrypted random rvrrber portion cund said pbrali^ of 

decrypted data portk)ns; and 

decrypting each of said decrypted portois wim saU transmHted random 
data. 

9. A method as defined in dam 7 or 8. further comprising the steps, executed after 
ble-enaypted data, of: 

(»t)ceedingtoanext step onfy if said decrypted raridomnuni>erporfon coincides with said transmitted p^^ 
rarvkyn ruj»Tt>6r; and 

sM second devk:e informing said frst device of a ta^ure m deayptkHi if saki decrypted random number por- 
tion does not coincide with sakJ transmitted pseudo random m^nber. 

10. In a system provided with means for playiig an applicatx)n contained in an app^^ 

nitting a user to play an encrypting key-encrypted applicatkHi cc^ned m a distrtxrted ap pl t catkm package which 
furthe- contains, as volume control data, a user's pubic key-encrypted enaypting key so encrypted as to be able 
to be decrypted with a secret key of the user Rilo Sffid encrypts^ te^^ 

reading said user's pUbTic k^-encrypted encryptirig key from said distributed appBcation pactege (said 
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ume); 

obtaining said secrm losy; 

decryptir^ said user's pMic tey-encrypted encrypting key with sakJ secret key to obtaki said encrypting key; 
and 

decrypting said encrypting key*^icrypted appficatran with said obtained encryptnig key into applcation data 
while passing said applkartion data to said means for pla^ an 1^ 

11. In a system comprising a dientprovkied with means tx playing 

and a server connected with the client throus^i a c o mmunication network, a method fa- penwtling a user to ptey 
one of encrypting key-enoTpted applk»lk)ns contained in a di^ 

as volume control data, a volume ID for kierrtifylng the kind of said cSstrtxited application pack^e (said v(^une)« 
an issue number issued to each volume of the kind in an issued oider and ^]plicaik)n IDs. the method canffirisffig 
the steps of: 

sakl dient reading said volume ID. saM issue nunt>er and an appScatkxi ID for said one of encrypting key* 
enoypted applK8lk)ns (said enorypting key<^ncrypted application) from said vohm and sencftig to said 

server; 

ki said server. 

retrieving aakl encryptRig key by using saU volume ID: 

retrieving a pti36c key of said user by using said volume ID and said 

generating a pseudo random nimber; 

doiMe-encrypting said encrypting key with sad pseudo random nuntser and said public key into a 
double enaypted data; 

sending said double-encrypted data to said dient; m said dienl 

obtaining a secret key of saM user which coiresponds to said pijMk; 1^ 

obtaffiing sakj encrypting key by decrypting said doubie-encry^ 

decrypting saki encrypting key-encrypted applicalk)n with saki obtamd encry^^ng k^ 

lion data whie passing said i«3plk»tMX) dato to sakJ means fcsr 

12. A method as d^ned in daim 10 or 11,whereffi said means for obtaining a secret^ 
said secret key from a portable memory of said user. 

13. A method asdeflned^daim 12. vi^m said portable mem^ 

14. In a system comprising a client provided with means for playing an application package and a server conneded 
vwth the dient through a oonTOjnk»tk>n netvwork for co^ 

taining. as vokmie control data, a vdixne ID and an issue number issued to each of the votumesofsakl volume ID 
ffi an issued order, a method for conbndling tiie amount of play time comprs^ 

said dient sming said volume ID and said issue number to saki server; 

said server retrievkig an expected play tin» associated with sakj voUme ID and said issue number; and 
said server acMing said expededptay time to the vakie of a total playtime ID and 

sakj issue nuT^. 

15. In a system conprising a diem provided wmi means for playing an applk^^ 

and a server oonneded witii the dient tfirough a commurecatkm network for coning the dient the s^lcoHon 
package (the volume) containing, as volume oontrd data, a volume ID. an issue nrniber issued to each of the vol- 
umes of said volifne ID in an issued order and an appfication ID for the appfication. a mettxxi for controlling the 
amoum of play time oonpridng the steps of: 

saki dient sending sad volune iD« said issue riurrbBr and said appfication ID to sad saver; 
sakl server retrionng an e)q)ededpl£v time associated with sakfvolunrie ID. said issue nun^ 
cation ID: and 

said server adcfingsakjexpeded play time to the value of a total play tinfK id and 

sakJ issue number. 
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16. In a system cx>fTpn6jng a citent provided with means for ptaying an application contacted in an application package 
and a server oorv>ecled with the client Ihroj^ a communication network for oontrofling the dieni ttie applicatxyi 
pad^e (the vtriimie} containing, as volume control data, a volume ID and an issue nunt)6r issued to each of the 
volumes of sakl volume 10 In an issued order, a method for conlrolSng the amoum of piaytim^ 

of: 

said cfient and said server Interactively measuring, as a nneasiffed play time, a play time of said appfication; 
and 

eaid server adding said measured play time to the value of a total playtime associated with said volume ID aid 
said issue number. 

17. Ame1hoda8derinedinctaim16,«vheretn8aidstepofm6asurtngapl^tinfieoom^^ 
said server. 

18. A method as defined in claim 1 6, wheremsaki step of measuring a play tinrieoonr^pri 
saiddier^ 

19. In a system comprising a cient for playing an appGcatfon pad^e and a server connected with the client through 
a commu«:ation network wher^ the applk»tk>n package (the vottane) oomphses appOcatfon data arxJ control 
data and at least a part of the control data has been added to tiie vokime after the creatkxi of said vofome, a 
method for sending dedred data from one side of sakJ diem and said server to the 0 

ing the steps of: 

including a seaet key of said other side in said at lest a part of said cont^ 

in said other side. 

generating a pseudo random numb^: 

transnvtting said pseudo random number to said one skle; 

in said one dde, 

encrypting saki desired data with sak) transmitted pseudo r^xtom mvber oito encrypted data; 
encrypting concatenated data consisting of said pseudo random number €Did sa^ 
sakJ ^AiAc key of said other skle into double-encrypted data; 
sencfing saki douUe-encrypted data to sakl other side; 

insaklo^er sde, 

decrypting saki double-ericrypted data with a secret Kay of sakf other skle which corresponds to sakl 
pubte key into decrypted data consisting of a decrypted random number portion and anc^her 
decrypted portion; and 

decrypting sak^ another decrypted portion with said transnvtted random numto 
data. 

20. A method as denned flridaim 19. whermsaki generating a pseudo random nuvte 

random number in memory, and wherein the metix)d further comprises the step, executed prior to sakI decrypting 
saki anottier decrypted portion, of: 

in response to a determination tiiat said decrypted random number portion does not cokK^ 
random rHflTt)er stored 01 saci means for storing saki psmido random nun^ 
sakf one sUe of a failure ki decryption kistead of passkig the control to next means. 

21. In a system confpr^ing a diem provkisd with means for playing an appf '^ 
and a server conneded with the dient through a comnuraation network a n^ 

appteation contained in a distrSxited appTication package wt^ further contains, as volume oordrol data, a volume 

ID for ktentifying ttie Mnd of sakI distrixited applicatfon package (sakt vdi^ 

ume of the kind in an issued order, and an appfication ID for sakJappTicatioa tiie nrethodoimprisi^ 
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procee(£ng to a next step only the value d a meter fiekl associ^ 

and said complication ID is under the value of a limH value field assoc ia t e d with said volume ID. said issue 
nunfter and said application ID in a volume data t^; and 

displaying a message inftxming an overlknit on a display device of said client and quit the opecation dhei^se. 

22. in a system conprising a diem provided with means for playing an appl^^ 
and a server connected with ttie diem through a oonminication n^^ 
appOcaJion contained in a distrixied application package which 

ID tor identifying the iQnd of said distritxited application package (said volume^ an issue numt>er issued to each vol^ 
ume of the kind in an issued order, an application ID for said appfication an^ 
appGcalion. the method conrprising the steps of: 

proceedng to a ne}d step only ff the value of a nieter field associated wi^ 
and said application ID in a volunedata t^e is under said Ivrat value; and 
(fisplaying a message informing an overtimit on a cfepley device of sai^ 

23. A method as defined in daim 21. wherein said Iknit value is one of effi^^ 
and fe'me» a masdmim) amourtf o< pl^ tinie. and an altowable access Gou^ 

24. A method as defined ai any of daims 11 « I5and 16, wherekieaidstflpof saidcfiemsaidirHitosaidsenwcom^ 
prises the steps ot 

said cfiem encrypting at feast one of said volume ID, said issue nur^ 10 into encrypted 

data: and 

said sender decrypting said encrypted data. 

25. A system for senting data witfi a raised seoOTty from a frst device to a second de^ 
nicalion network, oontorising: 

means pcovkJed Bi said second device for generating a pseudo random m 
means piovided in said secoriJ device for transnUtting said pseu^ 
means provided in said first device tor encrypting said data wr^ sai^ 
an encrypted data; 

rneaiis provided in said fist device tor encrypting ooncmenated data oonste^ 
and said encrypted data with a put3fic key of said second device into do^ 
means provided in said first device for sending said double-encrypted data to ^ 
means provided Ml said second device for decrypting said ctoutjle-enc^^ 
ond device vjrfiich corresponds to seki ptWk: key into decrypted data consist 
portion and another decrypted porton; arvl 

means provkted in saxl second devtoe for decrypting said another decry^ 
dom nunter to dMain s»d data. 

26. A system for sendir^g a pluiafity of pieces of data with a raised secuity from a first devfce to a second devfoe 
through a pubTic teleoommunicatton netwoiK oornprising: 

means provkted in said second devfoe for generating a pseudo random nun^ 
means provkM in saU second devfoe for transmitting said pseudo ran 
rneans provkied in saki first devioe for encrypbng each of said pieces d data wf^ 
domntvnberinto an encrypted piece of data; 

means provkJed in 6a« first devfoe for encrypting coocatenmed data conste^ 
and saw encrypted pieces of data with a putJlc key of said second dance i 
means provkied in sakt first devfoe for sending sakj doU)le-encry^ 
means provided in said second devk» for decrypting said doUife-encr 
ond device whfoh corresponds to saki put>8c key into decrypted data consist 
portfon and saU plurality of decrypted data portions; and 
n^ans provkied in said second devfoe for deaypting each of sakt dec^^ 
dom number to otTtain sakl pieces of data 
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27. A system 88 defined In claim 25 or 26. fi0lhercom^ 

means, provided in said seomj device, activated prior to decrypting each of said decrypted podions and 
responsive to a determhation that said decrypted random number portion does not coincide with said trnns- 
nvtted pseudo random number, for informing said first device of a failure in decryption instead of passing the 
control to next means. 

28. A system fa playing an «icrypta^ key-encrypted applkationaxTt^ 

further contains, as volume control data, a user's pubGc key-encrypted encrypting key so encrypted as to be able 
to be decrypted with a secret kQy of the user into said encrypting key. 

means for reading said user^ public key-encrypted encrypting key from said distributed applicatnn package 
(said volume); 

means for obtaining said secret key; 

means for deaypting said user's public key-erKrypted encrypting k^ with sak^ secret key to obtain said 
encrypting key; 

means for decrypting sakl encrypting key-encrypted appficatfon with saM obtained encrypting key to provide 
cyppiication data; and 

means for using said appfication data for picking. 

29. A system for permrt&^g a user to play an encrypting key-encrypted s^icationcon^^ 
package which further comakis, as voHjrne control data, a volum 

cation package (said volume), an issue number issued to each voiunne d the k^^ 
tfon IDs. the system comprising: 

a cfient for playing an appScation t^ usffig applicatfon data; and 

a server for contnollhg said client through a oonvnunicatjon netvKork, wherein sakl client comprises: 
means for reading and sending said vofajme ID, said issue number and an application ID for said one of 
encrypting key-encrypted applicatk)ns (saki encryp6ig key-encrypted ^icatfon) from said volume to said 
server. saU server oonprises: 

means tor retrieving said encrypting key by using said volume ID; 
meansforretrl0vkigapii3Kckeyof said user by using saklvolunw number; 
means for generating a pseudo random number; 

means for double-encryy^ said encrypting key with s ai d ps e udo random nurr^ 
adouble encrypted data; and 

means for sending said doUsle-^icrypted data to said dtenl and said c^ 

means for obtainng a secret key of said iser which corresponds to sakl public key; 

means for obtaming said er»>pting key by decrypting said doutlte^^ 

means for decrypt^ saki encrypting key-encrypted ^3ptication with said obtanied encrypting key to pro- 

vkie application data; and 

means for using sakI appficatfon data for piecing. 

30. A system as defined in claim 2B or 29. wherein saklnraans for obtaining a secret ksycon^^ 
sakI secret key from a portable memory of safo user. 

31. A astern as defined in claim30p wherein sMport^e memory is an to card. 

32. A system for permitting a user to play a distnbuted appOcatfon package which firther contains, as volume control 
data, a volunra U3 tor ider^ng the kind of sakJ (£8tri3uted applkston padQ^ 

issued to each vohime of the kind in an issued order, the system oomprisir^: 

a dient for playir^ ssati dstrbuted application package: and 

a server for controlling said dient through a conrninicatkyi n^worK vi^ereei: 

said client comprises means for sending sakJ voluiie ID and said issue nuni>er to saki server; and 

said server oonprises nteans for retieving an expected play time associated with sakI vo&jme ID and said 

issue nunrt)er. and nieans for »ldaig sati e}q[>ected play t^ 

said vokiry» ID and saU issue number. 
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33. A system for permiiting a user to play an application contaffied in a distributed applcotion package which further 
contains, as volume control data, a vokflne ID for identic pactaoe(8aid 
volume), an issue nunt>er issued to each volume of the kind in an issued order and an appOcation Dior the appli* 
catfon, the system comprising: 

6 

a client for playing said application; and 

a server for oontrollhg sati cKem throui^ a Gommunicatfon netw^ 

said cfient comprises means for sending said volume ID. said issue nunt>er and said applicatkxi ID to said 
server; and 

10 said server comprises means for retrieving an expected play tkne associated with said volume ID, said issue 

nun^ and said application ID. and means for adding said e)qF>ected play time to the value of a total 
associated with said volume ID and said issue number. 

34. A system for pemiitting a user to play an applkation contained in a distr^ 

IS contains, as volume control data, a volume ID for kfentifying the Mnd of said distributed i^3p6cation padoge (said 
volume), an issue number issued to each volume of the kind in an issued order and an qspltcation ID for the i^i^pli- 
cation, the system oompristng: 

a cfient for playing said application; and 
20 a server fix oontralfing said diem through a oommunkadionnetwori^w^ 

sati diem and safo sen^ cofiVrise means for imeractively 
of said ^splicatfon; and 

said server further comprises means for adding sakJ measured play 
ctated with said volume ID and said issue number. 

25 

35. A system as deTffied In daim 34. wherein saki means for imeractive^ 
using a timer of eaki sender. 

36. A system as defned in daim 34. wherein said rneans for imeractivelymeesuri^ 
50 using a Inner of sakjdient. 

37. A system for permrttng a user to play an application package (the volume) 00^^ 

data wherein at least a perl of the control data has been added to the volume aftor tte create 
system comprising: 

36 

a cGent for playing saki vdime; and 

a senw for comrofling saki cfient through a communkatfon netwwX wherefri sakJ server conprises meais for 
skxing a seaet key of sakJ sen/er and said at least a part of said contrd data 
ing to saki secret key. and wherein the sy^em comprises: 
40 rneansprovkled in said sen«r for geneialrng a pseudorandom number; 

means for storing saki pseudo random number; 
ineans provkled in sad sen/er for transmHting saki pseucto render nu^^ 

means provWed in saki dienl for encrypting desired data with sak5 transmitted pseudo random number into 
encrypted data: 

45 rneansprovkted in saki cGem for «icrypt*nga)ncatenated data corisist^ 

sakj encrypted data with sakJ pUslic key into doubl e-encrypted data; 
means provkfed in said diem for sending safo double-encrypted data to safo s 

means provkf ed in saki server for decryptkig sakf double-encrypted data with sakf secret key into decrypted 
data oortsisting da decrypted random number portfon and another decrypted portfon; and 
so means provfoed In saki server for decrypting saki another decrypted portwn with saki transmitted random 

number to obtain saki desired data. 

38. A system as deTmed In datm 37« further comprising: 

55 means, provkled in saki sen^. activated prior to saki decryi^tng saki another decrypted portion and respon- 

sive to a determinatfon that saki decrypted random nun*er palion A 

number stored in saki means for storing saki pseudo random number, for kiformkig saki cfiem of a faflure in 
decryplfon instead of passing the control to next means. 
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39. A system for pemitting a user to play an appfication cx)rTtalned in a distrkxited ap(:^ication package vvtich further 
contains, as volume control data, a volwne ID for identifying the kind said dislrlxited appttcatiwi package (said 
volume], an issue number issued to each volume of the kind in an issued order and application IDs. the system 
comprising' 

5 

a client for playing an application by using appTication data; and 

a server for controlfing said dient through a conrmjnicat'on networK wherein said cHent comprises: 

means for reading and sencfing sakl volume 1D« said issue ruimber and an applicatfon 10 for said one of 

enaypbng kay-encrypted appfications (sakl encrypting key-encrypted application) from said volume to said 

10 sender, saki server comprises: 

means for proceeding to ne}d step only if the value of a meter fieU associated wi^ 

number and said application ID is inder the value of a Innit value f iekj associated wifh sakf volume ID. sati 

issue nunto^ and said apfidicatfon ID in a volume data table; and 

means for causing said dient to display a nrtessage inliorniix^ 

16 quit the operation othenmse. 

40. AsystemforpGnnHtingauser toplayanapplk:atk)noonto 

contains, as volume oorilroi cteda, a volume ID for Ktentifying the kind of said dsbtuted applfcatun package (saki 
volume), an issue number issued to each volume of the kind in an issued order, applicittion IDs and limit values 
20 associated with respective appScatfon IDs for limiting the play of respective applicatkMis, the system comprising: 

a dient for playing an applicatfon by uskig application data: and 

a server for controlling sead dient through a oommunfoation networi^. wherein saki cKent comprises: 

means for reading and sender^ sakJ volume ID. said issue number, an ^icatfon ID tor saki one of encrypting 

2$ key-encrypted applkatfons (saki encrypting key-encrypted application) and a Knit value as sociated with saki 

application ID from saki vokinie to said server, and wtweinsakf server comprises: 
means for proceedirHl fo a next step only if the value of a meter fiekf associated with sa^ 
nuni)er and saxj application ID » a volume data table is under said Kmit value; »id 
means for causing said dient to display a message infonriing an overMt m 

30 quit the operatkxiolfienMse. 

41. A system as deRned in claim 39. wherein sakl limit vidua is one of efiective date a^ 
and time, a maximum amount of plsy time, and an alfowable access oounL 

3S A2. A system as defined in any of clavns 29. 33 and 34. wherein said means for sending to saki server oonprises 
means for encrypting at least one of saki vokime ID. saki issue number and safo applicatfon ID. 

43. A metfKxi for permitting an authentic ixef to play a desired one of the applkatfons contained in a distrfouted appli- 
cafion package in a system capEdble of playing an applcation. wherein said appTicatfon package (said vdume) oon- 

40 tains vohimecontrd data indudingnfKXie codes assigned to saki volume and the ap^ 
method comprising the steps of: 

deddkig to use one of predetennined play modes spedTied by one of saki mode codes assodaled with said 
desired c^iplication; and 
46 playing saki desired appScation in said specified play mode. 

44. A method as d^med in dakn 43. wherein the method further comprises the step of Indudtng. ri saki mode codes, 
values indkative of a free play mode and at least one limit-attached |^y mode wtuch con'espond(s) to respective 
Timit vafoe(s) used for fimHing usaga 

so 

45. A method as defined in daim 44. wherein saki step of playing said desired applicatfon comprises the step of: 

in response to a determmalion that saki one of saki mode codes associated with saki desired applfoatfon 
roludes a vafoe incScative of saki free nfxxle, sim^ 

55 

46. A nrielhod as defined in daim 44. wherein safo step of playing saki desk-edap^^ 

h response to a detenmratfon that saki one of saki mode codes associated with the desired applicatfon 
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incUe8 one of values indicatfve of sakj at least one fimrt-attached play mode, displayino a message to Ihe 
effect that a limit value associated mth sakl one of vakies has been reached Instead of playing said desired 
applicat'on if said iimK vahie has t>een reached. 

5 47. A method as defined in claim 43, wherein said volun^ control 

and an appticaUon ID for each of said applications, and wherem said step 0^ 
play modes comprises the steps of: 

obtaireng said one of said mode codes associated wHh said desired appScation and oorrespondng fimit value 
10 |}y using said api^cation ID: and 

comparing said one of said mode codes with a meter vi^ associated v^ 
and said application ID. 

48. A method as defined in claim 45, wherein each of said applications has been each encrypted with an enaypting 
IS key and said volume control date indudes a user's pubGc key-enorypted version of said encrypting key (a public 
kay-enaypted vefsk)n encrypting key), and wherein said step of sifrply pl^ng said desired application comprises 
the steps of: 

readkig saad user's public key-encrypted encrypting key from said volume; 
20 obtaining a leer's secret key which corresponds to saklluser^b pubic k^. 

decrypting said user's pubic key-encrypted encryptirx) key with said use^ 
key: Sid 

decrypfing said desH^ed appBcatksn with saki obtained encrypting 

25 49. A system for pernvttkiQ an authentic user to play a desired one of the applk^^ 

catkm padoge, wherein s&ti applkatkxi package (said volume) contains vokime control data including mode 
codes as^gned to saM volume and the applications of said volume, the sy^ 

means for decidnig to use one of predetermined ^ modes spedffed by one of said mode codes associated 
so with said desredapf^cation; and 

means for playing said desired applicatkxi in said spedfied pl^ mode 

50. A system as defined in daim 49. wherein the system further comprises means for inckxiing. in saki mode codes, 
values Micattve of a free play mode and at le^ one fimit-attached play n^ 

35 fimit value(&) used for limiting usaga 

51. A system as defined in clakn SO, wherein said rneans lor playing said des^ 

means, responsive to a detennnatkxi that sakj one of saki mode codes associated with saki desked appTica- 
40 tion includes a value incticative of saki free play mode, for simply playing sakt desired applicatkm. 

52. A system as defined in dakn 50, wherein saki means for playing saki desired ap^ 

means, responsive to a determinatkxi that saki one of sad mode codes associated with tie desired applicatkKi 
45 includes one of vakjes kidicative of said A least one iknit-attached play mode, for displaying a message to tfie 

effect that a limit value associated with saki one of values has t>een reached instead of playkig sak) desired 
application if sak) limit vakie has been reached. 

53. A system as defined in daim 49, wherdn sax! volume oontrcd data fulher indudes a volume ID. an issue nmiber 
60 and an appScat»n ID for each of saki epplk»tions. and whereki saki means for deckfing to i^e one of predeter- 

mined play modes comprises: 

means for obtaining saki one of saki mode codes associated with saki desired 
limit value by using saki applicatk)n ID: and 
55 meanslbrconpartng saki one of saki rnode codes with a meter value assodatedw^ saki 

Issue number and saki appGcafion ID. 

54. A system as d^rod in claim 51, wherein each of saki appTicatksns has been en^^ 
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said volume control data Includes a user^ public key-encryi^ed veiBion of said encrypting key (a pubfic key- 
encrypted version encrypting key), and wlierein said means for sirrvly ptaymg said desired application comprises: 

means for reading said user^ public key-encrypted encrypting key from said vdume; 

means for obtaining a user's secret Key wtifch cc^esponds to said user's pubSc key; 

means for decrypting said user's putlK key-encrypted erx:ryptHrig key with said user^ secret key to obtari said 

enaypting key; and 

means for decrypting s^ desired application with said obtamd encrypting key. 

55. A method for permming an authentk; user to play a desired one of the applicati^ 

catfon package in a system compnsing a diem capable of playir^ an appication and a server connect 

dient through a communk»tk>n networK wherein sad application package (hereinafter refen-ed to as '^said vd- 

umel contains volume conArol data inckjdkig mode axles assigned to said v^ 

ume. the method comprising the steps of: 

said dient deciding to use one of predetermined play modes specified by one 

said desired applicatfon; arri 
playkig said desred applkalion in saki specified play mode by ni^^ 
said server. 

56. A method as defined in daim 55. wher«n the metfwd further conprises the step of ffiduding, in each of said mode 
code, a vahie induHtive of one of a free play mode, a charged ptey mode and at least m 

wherein said vokm control ctota further comprises a fMt vakje associated wifli each of saki at least one imit- 
attached play mode. 

57. A method as defined in daim 55 or 56. wherein saki vokime control data further inc^jdes a volume ID. an issue 
nimiber. mi an applicatfon D for eachof safo^icatfons. and wherem safo step of playing said desked applk»- 
tton in sakI specified play mode Mudes an appGcatfon play step of 6 

58. A method as defwied in daim 57. wherein each of saMappifoaifo^ 

has been encfypted with an encrypting key and said voli^ne control data includes a user>s pukific key-encrypted 
versfon of saki encrypting key (a putslk: k^-encrypted version encrypting key), and wherein sakd applicatfon play 
step comprisir>g the steps of: 

reading said user's pubte key-encrypted encrypting key frcmi said volume; 
obtaining a user^seaet key wtw:hcon'espond5 to saki users publfo key; 

decrypting said users pubfic toy-encrypted encrypting key with said users secret key to obtain saM encrypting 
key: and 

decrypting said desired appffoation with saki obtained encrypting key 

SB, A method as def ffied in claim 57. wherein each of saki ap(^foatfons contained fo a distnlxited epslfoation package 
has t>een enoypted with an encrypting key and saki volume oonM data nKfajdes a user^ putilfo kay-enciypted 
veisfon of saki encrypting key (a pUblfo key-mrypted versfon encrypting key), and wherein saki applicatfon pl^ 
step cornprises the steps of: 

insafoserv^. 

retrieving an encrypting key by using safo vofome ID; 

retri^^ng a users public key assodated with saki vokmie ID and said issue nunter; 
doubfo'-encrypting safo encrypting key with a pseudo random number and sad 
ble encrypted data; 

sending said double-encrypted data to said dient; in safo client 

ob^r^ a user's secret key wtuch conresponds to safo user's pdsic key; 

obtaining said encrypting key by decrypbr^ safo double-encrypted data with saxi usens secret key; 

deaypting saki desered applfoation vtnth saki obtained encryptirig key. 

60. A mettnd as defined in daim 57 . wh erei n saki step of playing saki d esired ^ipfiOBtfon further comprises the steps, 
executed prior to saki appltcatfon play step, of: 
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said server retrieving an expected play time associaled with said desired application; and 
displaying said expected pl^ time on a cfisptay device of sod cGent 

61. A method as defined in daim 57. wtierein said step of playing^ 
of: 

measuring, as a measured play time, a duration of said application pl^ step; 

addkig said measured play time to a play time mete associated witfi said mode c^ 
of play time; and 

displaying said measured play time and said total amount of play Hme on a cfispley device of said dient after 
said application play step. 

62. A method as defined in dakn 61 «wtierein said step of measuring a duration conpr^ 
play tin« by using a timer of said server. 

6a. A method as defined in daim 61. wherein sod stop of measuring a duration oon^^ 
play tmie using a timer of said dient 

64. A method as defined in claim 57. wherein said step of deciding to use (me of predetenmined play modes oonprises 
deciding to use said charged play mode ff said one of said mode codes associated wHh said deseed application 
indudes a value indicative of said charged play mode, and wherein said step of playmg said desked application 
comprises the steps of: 

said diem obtaining and sending a ae(£t C9tl number of said user t> said 
proceedng 10 a next step only if the aedit card of said nunt)er is found to 
dated aedit company; 

cfispl^ng, on a display device of said cfient a charge for play decided based on a measurement of a duration 
of said appTication play step and a total arnoum of play charges after said a ppK ^ ^ 
said sen/er chargir^ said play to said credit card number. 

65. A method as defmed in dalm64« wherein said step of playing said dedred 
prior to said application play step, of: 

<£splaying. prior to said application play step, an expeded charge an^ 
said display device; and 

lettBig the user decide whether to play said dedred ^ication. 

66. Amethoda6definedindaffn64.where(nsaidstepofs8»dcilentobtainingan^ 
user to said server conprises the steps of : 

in said server. 

generating a pseudo random number; 

storing said pseudo random numte in memory; 

transmrtting said pseudo random number to said dient; 

in said dient 

pronpting said user to input said credit card number; 

double-«Ka>i3ting said crerft card number first witii said transmitted random number and then with a 
severs public key Included in said volume control data into a double^encrypted nuntoer; 
sending said double-ancrypted nimtoer to said server; in said server. 

decrypting saiddouUe-encrypted number writh a server's secret key into a decrypted random number and 
another decrypted data; and 

decrypting said anottier decrypted data with said transnvtted random number to otrtavi said credit card 
number. 

67. A method as denned in daim 66, wherein said step of said dient obtaining and sen^ 
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user to said sefv^ further conrprises the stops, executed prior to said step of decrypting said another erKrypted 
data, of: 

proceeding to a next step only if said deaypted random mrrbec cc^nddes with sa'd pseudo random number 
5 wt^ has t>een stored in said memory; and 

displaying a message informing a taiKire in decryption and quitting ttie operation otherwise. 

68. A method as defined in ciavn 57 wherein said step of deciding to use one of predetermined play modes comprises 
deciding to use one of said fit least one Bmrt-attached play nK)de if said m 

10 said desired app&catton includes a value indicative of said one of said at least one limit-attached pley mode, and 
wherein said step of playsig said desired application comprises the step of: 

in response to a determination that a meter value associated with said one of said mode 
said desired appfication in a record identic by said volume ID, said issue nunt>er aid an q^f^caton ID of 
IS said desired application m a volume data table has reached a limit value associated with said mode code, dis- 

plcying a nriessage infonnng an overiimit on a display device of said dient 
play step. 

69. A method c^defkYed in daim 68. wherdn said finvtvafaje is orie of effective 
20 and tirne. a maximum arnoiHit of play time, and an allowable access oount 

70. A system for playing a distriwted application package in one of predetenra 
wherein the appficayon pactege contains a data set encrypted wHh an « 

each of at least one appfication and volume control data for use in controKng operation of ffie system and the 
2S senw and the volume control data inchdes mode codes defining said play mod^ 

noeans for permit^ a user to select one of said at least one ^jplicatfon of said volume; 
means for deciding to use one of said predetemvned play modes associated with one of said mode codes 
asst^ied to said selected application; and 
30 means for playing said selected appBcation in said selected play mode Hi oonc^ 

71. A system as defiled in daim 70, wherein each of said nKxje codes includes one ^ 
charged play mode and at least one fimtt-atladied ple^ mode. 

3$ 72. A system as defried in claim 70, whereki said volume control data further ind 

andanappiicatfon ID for eadi of said ^splications. and wherein said means tor playing said sded^ 
said selected play mode at least contprises: 

means for setting said sen/er for said sdecled play mode by sendhg to said se^ 
40 number, and the appHcation ID and said mode code associated with said selected appBcalion; and 

application play means for sknply playing said cpedfied applicatfon. 

73. A system as defined in claim 72. wtiereki said volume control data further includes a user's public key-encrypted 
encrypting key. and wherein said ^jpGcation play means conprises: 

45 

means for reading said user% public key-encrypted encrypting key from said volume; 

means for obta'^iing a user's seaet key which corresponds to said user's pubfic key; 

means for decrypting said user's public key-encrypted encryptffig with said user's secret key to obtain said 

encrypting key; and 

so means for decrypting the K-encrypted data set of said selected applcatfon with said obtained encrypting key. 

74. A system as defined in daim 73, wherein means for decrypting said user's pMc key-encrypted encrypb'ng key and 
sakl means for decrypting the K-encrypted data set are raized as an integrated circurt 

ss 75. A system as defined in ctakn 72. wherein said applkstion play means conpnses: 

means for recehnng double-enaypted data from said sen/er; 

means for obtaming a user^ secret key wtBch oon-esponds to saU user 
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means for oteining said encrypting tay by decry^^ 
and 

means for decrypting the K-encrypted data set erf sakl selerted appficatfon with sakl obtain 

5 76. A system as defined in c^im 75. wherein nneans for obtaining said encrypt^ 
the K-encrypted data set are realized as an integrated dmii 

77. A system as defined in daim 74 or 76. wherein said Integrated circut is incorporated into said meare for obtaining 
a user^ secret key. 

10 

78. Asystem as defined in daim 73, wherein said nwans for deciding to use one comprises means for deciding to use 
a free play rnode and wherein said means for playing said selected appiica^ 

said application play nrieans, of : 

15 mem for receiving data from said sen^: and 

displaying said data as an expected play tinie for said selected appl^^ 

79. A system as defned m daim 73, wherein said means tor deciding to use one of said predetemmd play modes 
oonpiises means for deciding to use a free play mode, and wherein said nma^ 

20 tion further comprises: 

means for causing said server to obtain, as a measitfed play lima date of a operato 
play means: 

means for receiving first and second data from said server; and 
25 rneans fCH^(£sp<aylrigJi^Bfter the completion of operatfon by said app^ 

ond data as said measured play tinrie and a total anfKum of play tin^ d^ 
total amount of pliy time. 

80. Asystemasdefinedinclaim79.wherein8aidn)eansforcau&Rigsaidsen^ertoabt^ 
so comprises means for intorfrtng said server of the start and the end of operato by sak^ 

utifize a timer of said server. 

81. A system as d^ined in cfaim 79. wherein said means for causffig said server to cbtan 
comprises: 

36 

nrieans for nieasuring said operatk>n period d said application pla^ 

means for sending said operation perfod to said server for use in a calculi 

82. A system as defined in daim 72. whereh said means for deciding to use one comprises means for deciding to use 
40 a charged play mode and wherein said means tor plying said sdededapp^ 

means fbr obtaining and sencfing a aedit card numl)er of said uso* to said serv^ 
means responsive to a verification result of said aecfit card from said server f^ 
said residt is positive; and 
45 nieansfixdisplayaYg a charge for play decided based on a measured play time of 8^ 

and atotal amount of play charges after operation of sakfappfa'cation play means. 

83. A system as defined in dakn 82, wherein said means for playing said selected application further comprises: 

so means activated prior to operation of said application ipAa^ means for displayhg an eiqdected diarge and an 

eiq)eded total amoum of charges and letting the user decide whether to sak^ 

84. A system as defhedhdahii 82. wherein said volume corttrd data of said dist^ 

indudes a seder's piMick^. and wher«n said means for obtakHng and sending a aedit card nuirber of said user 
55 to said server comprises: 

means for prompting said user to irput said aedit card r«int»er; 
means for receiving a random rumber from said server: 
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moans for obtahtng sakJ servets public key from said vohmie; 
means for double-^KTypting &aid a6(£t card fimteftf^ 
public key into ackxjNe-encrypted data; 
sendirig said doUUe^encrypted nunnber to said server; 

6 

85. A system as defined in daim 84. wherein said means for said dtent obtaintng and sendeig a credit caid numb^ of 
said user to said server further comprises: 

means responsive to a positive resutt of raridom number chedcfnvn said serm 
10 means responsive to a negative result of said mndomnuni>er check from said sermf^ 

indicative of a failure in sakl random number check and quittkig the cper^^ 

86. A system as defined in daim 72. wherein: 

IS saki means for deciding to use one comprises means fcr deciding to use a limit-^^ 

sakf sending to sead server indudes sending a limit value aesodaled with said mode code, and wherein said 

means for playing said selected application further oonprises: 

nf«ans operative prkx to operatkm of said applcation play rneans for rece^ 

resuK indicative of whether a limit value associated with said mode code has been re^hed; and 

20 means re&por^sive to an ovft- (hit case of saki result lor slartffig a next operatton. 

87. A system as defined in daim 68. wherein said liint vakje is «ie of effective date and time, atowable o^Fatkxi date 
and time, a maximum amount of play tkne. and an alkiwable access count 

2S 88. A system for controling through a comnrunicatton network a cCentdon^ 

HI one of predetermnied play modes, whereei the application package contains a data set encrypted with an 
erK^rypting key (a K-encrypted data set) for eadi of at least one 

trdlff^g operatran of the system and the dient and Itie vohsme control data indudes a volume O. m issue njnioef, 
an application ID for each of said appficatkins, and a mode code fx sakl votunrie or nwde codas 
30 tN>ns. the system conprising: 

volurne data table for storing, for each volunie. saU volume ID, sakj issue 
ume, and said applk^atton ID and said mode code for each of said applications; 

means for receiving a service request, a vokime ID. an issue number, an appScation ID and a mode code and 
3S other data from eakj dient 

means for storing sakf received appication ID, sak^ received nrade code and other data m appropriate fietos of 
a record IdOTtified by saki volume ID and saM issue number; 

nwansresponsivetoadeternfinatkxithatthere is rto record denttfiedbysakivok^ ID and said issue nurrber 
in sad volunie data table for ack£rig said record in sakl vok^ 
40 IDandmodecodeandsaxjoth^datainrelevantfi^dsofsakf record; and 

means operative on the basis of said received rnode code for decking to subsequent^ thecontnd to 
means for sin^ng a play rnode associated sakf received mode coda 

89. A system as defined in daim 88. wherein sakf means tor sifsporting a pl^ 

46 porting ^ytplication play means, of dient for sirrply playing an appficatton ktontiFied by saU received applicalion ID, 
and wherein scM niearis for 6^3porting said appficatton play m 

first meais for associating a given volume ID with a conresponding encrypting key; 
second means for associating both a given vokjme ID and issue number with a conasponding userls pubSc 
» key; 

means for retrieving an encrypting key associated with saki reooved vohm 

means for retrieving a user's public key associated with sakj received ^ume ID and issue number trom sakil 
second means; 

nr^ans for double-encrypting saki encrypting key with a pseudo random 
ss a double encrypted data; and 

senfing saki double-encrypted data to sakJ dient 

90. A system as defined in dakri 89. fuifter comprising an ap pl i ca tton data 
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cation, wherein said received mode code defines a free pl^ niode. and wherein eaid means for sifiponing a play 
mcxie associated said received mode code ooinprises: 

nieans, activated prior to an operation of said means fer Slippoflkig application ptay means of said dient for 
5 retrieving an expected ptay tinie associated with sad receive 

and 

means fior sending said e)9>ecled play time to said dient 

91. A systan as defined in claim 89. wfterem said received mode code d^es a free play mode, and wherein said 
10 means tor sipporting a play mode assocated said received mode code con^ses: 

means for measuring, as a measured play time, a duration of application ptey; 
means for adding said measured play tirne to a pliy lime meter assodated 
said volume data table to obtain a total amount of play Hme: and 
15 means for smfing said measued play time and said total amoum Of play time to 

92. A system as defined in claim 91 . wherein said means for measuring a Airation comprises: 

means responsive to a notice of the start of opmtion by said application p^^ 
20 atimer:and 

means responsive to a notice of the end of said operation for stoppng said timer. 

93. A system as denned in ctaim 91. wherein said means for measuring a duration conv^^ 
26 means for receivvig a measured duration from said dient. 

94. Asystemasdefinedindaim88.wherein6ajdreceivedmodecodedefine6ach^ 
means for siworting a play mode assodmed said received rnode a)de 

so means for receiving a aedrt card nunt>er of said user from said server 

means, responsive to a determination, from a verification of said aedit card nmber, that said cre^ cant 

number is not valid, for intornmng said diem d imali(% an^ 

aplaynKxle: 

means, responsive to a determinatioa from said verification of said cracfit card number, that said aedIt card 
35 number is valid, for informkig said cSent of a vaf idHy and prooeecfing to a next operation; and 

means for charging said play to said credit card number. 

95. A system as deTned in claim 94. wtierein said means for supporting a play mode associated sad received rrKxle 
code further oonprises: 

40 

means actrvated prior to operation of said application play means of said cfaent for retrieving an e)q)ected 
chvge from said eppticcttion data table by uskig said received application ID; 

means for calculating a sum of said expected charge and a value of a charge meter associated v^h said 
received volume ID a application ID depend^ on said received mode code; 
46 rneans operative prior to operation o1 said application play oieans for sendffig said ex^^ 

sum to said diertt; and 

means responsive to a receipt of a message of cutting for quitting said me^ 

96. A system as defned in daim 94. wherein said nfieans for receiving a credit card nunt»er of said user from said 
60 server comprises: 

means for generating a pseudo random number; 
means for storing said pseudo random nunt>er in menKxy; 
means for iransmrtiing said pseudo random number to said dient; 
55 means for waiting for a double^ncrypted data from said dient; 

means for obtakiing a servers secret key; 

means for deaypting said douWe-encrypted number with said server's seaet key into a decrypted random 
nuT^ and another decrypted data: and 
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means for decrypting said another enaypted data witti said transmitted random number to obtain said aedit 
caidnunt)er. 

97. A system as defined in daim 96, w/herein said means lor obtaining a user's secret key oornprises means ior readoig 
5 said uset^ secret Key frm a portable memory of said user. 

98. A system as defined in daim 96, wherein said means for reoeMng a aecfit caid mmt>er of said user from said 
server further oonprises: 

10 means responshre to a deternr«riatioamKfeprk>r to said decrypt 

nunte coincides with said pseudo random mint>er vvhich has b^ 
ble message to said dient and proceeding to a next operation: and 

rrieans responsive to a d^ermination, made prior to said decrypting said another, that said decrypted random 
number does not cdndde with said pseudo random roimber whi^ 
75 a dis^e message to said cfient and quitting said SMpporting a play mode 

99. A system as defined in daim 88. wherein: 

said received mode code ddines a (imit-attadied play mode; and 
20 means for receiving a service request further receives a fimit value associated with said mode code, and 

wherein ssud means for supporting a play mode associated said received mode code oornprises: 

n^eans for proceeding to a next operas only if the value of a sof^Mare meter assoM 

in said vdume data teyMe is uider said fimit value; and 

means for sencfing a message Informing an over lirnit to said ciem and qui^^ 
25 sMPPorting a play mode associate d said receded nwte code if the value of a sofhw 

said mode code in said volume data table is not under said limit valua 

100^ system as defned in daim 99, wherein said limit value is one off effecBve date and lime, aftowabte 
and tirne. a manmum amoum of play tirne. and an aitows^ 

$0 

lOl^system as defhed in any of dairns 54. 73 and 75, v^iereirisaid meansfor obtti^^ 
nrieans for reaoRng said user's seaet key from a portaisle memory of said us^^ 

1 02.A system as defined in daim 28 or 29. wherein said means for obtaining said seaet toy oornprises means for read- 
^ ing said user^ seaet key from a polabto memory of said user. 

lOSiA method as defined in any of daims 10. 11. 19. 21. 22 and 55, wherein said application pactoge is recorded on a 
package media. 

40 1 04^ method as defined in daim 1 03. wherein said package media is of a writeonoe type, and saki dient is a system 
c^^a^e cS ptaying said package mecia of said «^e-once type 

105.An application package as defined in daim 1. wherein said padoge meda is distributed to a pcffchaser thereof or 
a subscriber thereof via a transm'ssran media. 

45 

106J^ system as defined in ^y of dafans 28. 29, 37. 39. 40. 70 and 88. wherein said application package is recorded 
on a package media. 

107^ astern as defined in daim 106. wfierein said appOcatton padoge is recorded on a package media df a write- 
60 once^pa 

108^ system as defnied in daim 106. wtwein at least a part of said vokime control data is recorded, after manulac- 
ming said padcage mecfia. ffi an area different from a data area where said at least one appfcalion is recorded. 

55 109^ system as defrted in daim 108. wherein sakjl dient is a system provkied with means for playing sakJ pack^ 
mecfia of said write-once type. 

1 1 0A system as de^ed in any ^ claims 28, 29, 37. 39, 40. 70 and 88, wherein said applcatkxi package is recorded 
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on a DVD and at least a pari of said volume conM data 16 re^^ ina 
BCA (burst cutting area) of the DVD, and wherein said dieat is a system provided with means for playing said DVD. 

IIIJ^ method as defined in anyof claims 10. 11. 19. 21. 22.43aid55. wher©infrieappCcal>onpad«gehast)eendis< 
trftxited to a purchaser thereof or a subsag)er via a transmission mec^ 
data has t)een ackled to saU applicatxjn package after preparing 

1 12^ system as defined in any of daims 28. 29. 37. 39. 40, 49. 70 and 88, wherein said application pack^ has been 
distri txiled to a piirchaser thereof or a subscrter thereof via a tmnsmissfon media and cd least a port of said vol- 
ume control data has teeit\ added to saidapplicafion padage after preparing said appicatk)n packaga 
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